diff options
| author | Richard Levitte <levitte@openssl.org> | 2004-01-23 16:49:39 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2004-01-23 16:49:39 +0000 |
| commit | 2bff903483e5d330e06cd1c6e9a120c5dcfb7912 (patch) | |
| tree | bea00dc09b8185458483a0d6de392db11653dc2b | |
| parent | c4fd5d764d4cc2bd12c487967a3b06f2ab7020ad (diff) | |
| download | openssl-new-2bff903483e5d330e06cd1c6e9a120c5dcfb7912.tar.gz | |
This branch hasn't been updated with changes from HEAD for a looooong time...
Here goes.
364 files changed, 6107 insertions, 3352 deletions
@@ -2,7 +2,136 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe] + + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. + [Geoff Thorpe] + + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. + [Steve Henson] + + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] + + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + + *) Add support for STORE in ENGINE. + [Richard Levitte] + + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + [Richard Levitte] *) Make it possible to create self-signed certificates with 'openssl ca' in such a way that the self-signed certificate becomes part of the @@ -58,11 +187,6 @@ Make that possible even when linking against static libraries! [Richard Levitte] - *) Various fixes to base64 BIO and non blocking I/O. On write - flushes were not handled properly if the BIO retried. On read - data was not being buffered properly and had various logic bugs. - [Steve Henson] - *) Support for single pass processing for S/MIME signing. This now means that S/MIME signing can be done from a pipe, in addition cleartext signing (multipart/signed type) is effectively streaming @@ -491,7 +615,66 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + + *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). + [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>] + + *) Use the correct content when signing type "other". + [Steve Henson] + + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) New -ignore_err option in ocsp application to stop the server + exiting on the first error in a request. + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + *) Change AES_cbc_encrypt() so it outputs exact multiple of + blocks during encryption. + [Richard Levitte] + + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + This also affects blocking I/O when the data being decoded is a + certain size. + [Steve Henson] + + *) Various S/MIME bugfixes and compatibility changes: + output correct application/pkcs7 MIME type if + PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. + Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening + of files as .eml work). Correctly handle very long lines in MIME + parser. + [Steve Henson] + + Changes between 0.9.7a and 0.9.7b [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat @@ -606,6 +789,9 @@ yet to be integrated into this CVS branch: Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last octet was ignored consequently. As a result SSLv2 client side session @@ -2424,6 +2610,67 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked @@ -142,13 +142,14 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32::::win32:cygwin-shared:::.dll", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -178,7 +179,7 @@ my %table=( #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests @@ -218,7 +219,7 @@ my %table=( # './Configure irix-[g]cc' manually. # -mips4 flag is added by ./config when appropriate. "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -240,7 +241,7 @@ my %table=( # suitable for execution on the host you're currently compiling at. # If the toolkit is ment to be used on various PA-RISC processors # consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's ment to be +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be # compatible with *future* releases. # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to # pass -D_REENTRANT on HP-UX 10 and later. @@ -255,10 +256,10 @@ my %table=( # Since there is mention of this in shlib/hpux10-cc.sh "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # 64bit PARISC for GCC without optimization, which seems to make problems. # Submitted by <ross.alexander@uk.neceur.com> "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HP/UX IA-64 targets "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -516,6 +517,13 @@ my %table=( # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32::::win32:cygwin-shared:::.dll", + +# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm:::::${x86_gcc_opts}:::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm:::::BN_LLONG ${x86_gcc_opts}:::", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", @@ -560,14 +568,16 @@ my %table=( "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", ); -my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS - BC-32 BC-16 Mingw32 OS2-EMX); +my @MK1MF_Builds=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS + BC-32 BC-16 Mingw32 OS2-EMX netware-clib netware-libc); my $idx = 0; my $idx_cc = $idx++; @@ -936,7 +946,7 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); -my $IsWindows=scalar grep /^$target$/,@WinTargets; +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin"); $exe_ext=".exe" if ($target eq "DJGPP"); @@ -950,7 +960,7 @@ $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -print "IsWindows=$IsWindows\n"; +print "IsMK1MF=$IsMK1MF\n"; my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); my $cc = $fields[$idx_cc]; @@ -1498,7 +1508,7 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; -if($IsWindows) { +if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <<EOF; #ifndef MK1MF_BUILD @@ -1540,7 +1550,7 @@ EOF } # create the ms/version32.rc file if needed -if ($IsWindows) { +if ($IsMK1MF) { my ($v1, $v2, $v3, $v4); if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) { $v1=hex $1; @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.7a was released on February 19, 2003. +OpenSSL 0.9.7c was released on September 30, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -2,8 +2,10 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) - is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + This document describes installation on operating systems in the Unix family.] diff --git a/INSTALL.W32 b/INSTALL.W32 index d4996560dd..0f6c302f0d 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -1,288 +1,288 @@ -
- INSTALLATION ON THE WIN32 PLATFORM
- ----------------------------------
-
- [Instructions for building for Windows CE can be found in INSTALL.WCE]
-
- Heres a few comments about building OpenSSL in Windows environments. Most
- of this is tested on Win32 but it may also work in Win 3.1 with some
- modification.
-
- You need Perl for Win32. Unless you will build on Cygwin, you will need
- ActiveState Perl, available from http://www.activestate.com/ActivePerl.
-
- and one of the following C compilers:
-
- * Visual C++
- * Borland C
- * GNU C (Cygwin or MinGW)
-
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
- may well be not up to date. This may mean that some "tweaking" is required to
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
- Visual C++
- ----------
-
- If you want to compile in the assembly language routines with Visual C++ then
- you will need an assembler. This is worth doing because it will result in
- faster code: for example it will typically result in a 2 times speedup in the
- RSA routines. Currently the following assemblers are supported:
-
- * Microsoft MASM (aka "ml")
- * Free Netwide Assembler NASM.
-
- MASM is distributed with most versions of VC++. For the versions where it is
- not included in VC++, it is also distributed with some Microsoft DDKs, for
- example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have
- either of these DDKs then you can just download the binaries for the Windows
- 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to
- ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be
- downloaded from the Microsoft developers site www.msdn.com.
-
- NASM is freely available. Version 0.98 was used during testing: other versions
- may also work. It is available from many places, see for example:
- http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
- The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
-
- Firstly you should run Configure:
-
- > perl Configure VC-WIN32
-
- Next you need to build the Makefiles and optionally the assembly language
- files:
-
- - If you are using MASM then run:
-
- > ms\do_masm
-
- - If you are using NASM then run:
-
- > ms\do_nasm
-
- - If you don't want to use the assembly language files at all then run:
-
- > ms\do_ms
-
- If you get errors about things not having numbers assigned then check the
- troubleshooting section: you probably won't be able to compile it as it
- stands.
-
- Then from the VC++ environment at a prompt do:
-
- > nmake -f ms\ntdll.mak
-
- If all is well it should compile and you will have some DLLs and executables
- in out32dll. If you want to try the tests then do:
-
- > cd out32dll
- > ..\ms\test
-
- Tweaks:
-
- There are various changes you can make to the Win32 compile environment. By
- default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
- compiled in. Note that mk1mf.pl expects the platform to be the last argument
- on the command line, so 'debug' must appear before that, as all other options.
-
- The default Win32 environment is to leave out any Windows NT specific
- features.
-
- If you want to enable the NT specific features of OpenSSL (currently only the
- logging BIO) follow the instructions above but call the batch file do_nt.bat
- instead of do_ms.bat.
-
- You can also build a static version of the library using the Makefile
- ms\nt.mak
-
- Borland C++ builder 5
- ---------------------
-
- * Configure for building with Borland Builder:
- > perl Configure BC-32
-
- * Create the appropriate makefile
- > ms\do_nasm
-
- * Build
- > make -f ms\bcb.mak
-
- Borland C++ builder 3 and 4
- ---------------------------
-
- * Setup PATH. First must be GNU make then bcb4/bin
-
- * Run ms\bcb4.bat
-
- * Run make:
- > make -f bcb.mak
-
- GNU C (Cygwin)
- --------------
-
- Cygwin provides a bash shell and GNU tools environment running
- on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
- Consequently, a make of OpenSSL with Cygwin is closer to a GNU
- bash environment such as Linux than to other the other Win32
- makes.
-
- Cygwin implements a Posix/Unix runtime system (cygwin1.dll).
- It is also possible to create Win32 binaries that only use the
- Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
- MinGW. MinGW can be used in the Cygwin development environment
- or in a standalone setup as described in the following section.
-
- To build OpenSSL using Cygwin:
-
- * Install Cygwin (see http://cygwin.com/)
-
- * Install Perl and ensure it is in the path. Both Cygwin perl
- (5.6.1-2 or newer) and ActivePerl work.
-
- * Run the Cygwin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
- $ cd openssl-x.x.x
-
- To build the Cygwin version of OpenSSL:
-
- $ ./config
- [...]
- $ make
- [...]
- $ make test
- $ make install
-
- This will create a default install in /usr/local/ssl.
-
- To build the MinGW version (native Windows) in Cygwin:
-
- $ ./Configure mingw
- [...]
- $ make
- [...]
- $ make test
- $ make install
-
- Cygwin Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- "bc" is not provided in older Cygwin distribution. This causes a
- non-fatal error in "make test" but is otherwise harmless. If
- desired and needed, GNU bc can be built with Cygwin without change.
-
- GNU C (MinGW)
- -------------
-
- * Compiler installation:
-
- MinGW is available from http://www.mingw.org. Run the installer and
- set the MinGW bin directory to the PATH in "System Properties" or
- autoexec.bat.
-
- * Compile OpenSSL:
-
- > ms\mingw32
-
- This will create the library and binaries in out. In case any problems
- occur, try
- > ms\mingw32 no-asm
- instead.
-
- libcrypto.a and libssl.a are the static libraries. To use the DLLs,
- link with libeay32.a and libssl32.a instead.
-
- See troubleshooting if you get error messages about functions not having
- a number assigned.
-
- * You can now try the tests:
-
- > cd out
- > ..\ms\test
-
-
- Installation
- ------------
-
- If you used the Cygwin procedure above, you have already installed and
- can skip this section. For all other procedures, there's currently no real
- installation procedure for Win32. There are, however, some suggestions:
-
- - do nothing. The include files are found in the inc32/ subdirectory,
- all binaries are found in out32dll/ or out32/ depending if you built
- dynamic or static libraries.
-
- - do as is written in INSTALL.Win32 that comes with modssl:
-
- $ md c:\openssl
- $ md c:\openssl\bin
- $ md c:\openssl\lib
- $ md c:\openssl\include
- $ md c:\openssl\include\openssl
- $ copy /b inc32\* c:\openssl\include\openssl
- $ copy /b out32dll\ssleay32.lib c:\openssl\lib
- $ copy /b out32dll\libeay32.lib c:\openssl\lib
- $ copy /b out32dll\ssleay32.dll c:\openssl\bin
- $ copy /b out32dll\libeay32.dll c:\openssl\bin
- $ copy /b out32dll\openssl.exe c:\openssl\bin
-
- Of course, you can choose another device than c:. C: is used here
- because that's usually the first (and often only) harddisk device.
- Note: in the modssl INSTALL.Win32, p: is used rather than c:.
-
-
- Troubleshooting
- ---------------
-
- Since the Win32 build is only occasionally tested it may not always compile
- cleanly. If you get an error about functions not having numbers assigned
- when you run ms\do_ms then this means the Win32 ordinal files are not up to
- date. You can do:
-
- > perl util\mkdef.pl crypto ssl update
-
- then ms\do_XXX should not give a warning any more. However the numbers that
- get assigned by this technique may not match those that eventually get
- assigned in the CVS tree: so anything linked against this version of the
- library may need to be recompiled.
-
- If you get errors about unresolved symbols there are several possible
- causes.
-
- If this happens when the DLL is being linked and you have disabled some
- ciphers then it is possible the DEF file generator hasn't removed all
- the disabled symbols: the easiest solution is to edit the DEF files manually
- to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
-
- Another cause is if you missed or ignored the errors about missing numbers
- mentioned above.
-
- If you get warnings in the code then the compilation will halt.
-
- The default Makefile for Win32 halts whenever any warnings occur. Since VC++
- has its own ideas about warnings which don't always match up to other
- environments this can happen. The best fix is to edit the file with the
- warning in and fix it. Alternatively you can turn off the halt on warnings by
- editing the CFLAG line in the Makefile and deleting the /WX option.
-
- You might get compilation errors. Again you will have to fix these or report
- them.
-
- One final comment about compiling applications linked to the OpenSSL library.
- If you don't use the multithreaded DLL runtime library (/MD option) your
- program will almost certainly crash because malloc gets confused -- the
- OpenSSL DLLs are statically linked to one version, the application must
- not use a different one. You might be able to work around such problems
- by adding CRYPTO_malloc_init() to your program before any calls to the
- OpenSSL libraries: This tells the OpenSSL libraries to use the same
- malloc(), free() and realloc() as the application. However there are many
- standard library functions used by OpenSSL that call malloc() internally
- (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
- rely on CRYPTO_malloc_init() solving your problem, and you should
- consistently use the multithreaded library.
+ + INSTALLATION ON THE WIN32 PLATFORM + ---------------------------------- + + [Instructions for building for Windows CE can be found in INSTALL.WCE] + + Heres a few comments about building OpenSSL in Windows environments. Most + of this is tested on Win32 but it may also work in Win 3.1 with some + modification. + + You need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + + and one of the following C compilers: + + * Visual C++ + * Borland C + * GNU C (Cygwin or MinGW) + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- + + If you want to compile in the assembly language routines with Visual C++ then + you will need an assembler. This is worth doing because it will result in + faster code: for example it will typically result in a 2 times speedup in the + RSA routines. Currently the following assemblers are supported: + + * Microsoft MASM (aka "ml") + * Free Netwide Assembler NASM. + + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. + + NASM is freely available. Version 0.98 was used during testing: other versions + may also work. It is available from many places, see for example: + http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ + The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + + Firstly you should run Configure: + + > perl Configure VC-WIN32 + + Next you need to build the Makefiles and optionally the assembly language + files: + + - If you are using MASM then run: + + > ms\do_masm + + - If you are using NASM then run: + + > ms\do_nasm + + - If you don't want to use the assembly language files at all then run: + + > ms\do_ms + + If you get errors about things not having numbers assigned then check the + troubleshooting section: you probably won't be able to compile it as it + stands. + + Then from the VC++ environment at a prompt do: + + > nmake -f ms\ntdll.mak + + If all is well it should compile and you will have some DLLs and executables + in out32dll. If you want to try the tests then do: + + > cd out32dll + > ..\ms\test + + Tweaks: + + There are various changes you can make to the Win32 compile environment. By + default the library is not compiled with debugging symbols. If you add 'debug' + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be + compiled in. Note that mk1mf.pl expects the platform to be the last argument + on the command line, so 'debug' must appear before that, as all other options. + + The default Win32 environment is to leave out any Windows NT specific + features. + + If you want to enable the NT specific features of OpenSSL (currently only the + logging BIO) follow the instructions above but call the batch file do_nt.bat + instead of do_ms.bat. + + You can also build a static version of the library using the Makefile + ms\nt.mak + + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + + Borland C++ builder 3 and 4 + --------------------------- + + * Setup PATH. First must be GNU make then bcb4/bin + + * Run ms\bcb4.bat + + * Run make: + > make -f bcb.mak + + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other the other Win32 + makes. + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll). + It is also possible to create Win32 binaries that only use the + Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment + or in a standalone setup as described in the following section. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path. Both Cygwin perl + (5.6.1-2 or newer) and ActivePerl work. + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + + To build the Cygwin version of OpenSSL: + + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + To build the MinGW version (native Windows) in Cygwin: + + $ ./Configure mingw + [...] + $ make + [...] + $ make test + $ make install + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + + GNU C (MinGW) + ------------- + + * Compiler installation: + + MinGW is available from http://www.mingw.org. Run the installer and + set the MinGW bin directory to the PATH in "System Properties" or + autoexec.bat. + + * Compile OpenSSL: + + > ms\mingw32 + + This will create the library and binaries in out. In case any problems + occur, try + > ms\mingw32 no-asm + instead. + + libcrypto.a and libssl.a are the static libraries. To use the DLLs, + link with libeay32.a and libssl32.a instead. + + See troubleshooting if you get error messages about functions not having + a number assigned. + + * You can now try the tests: + + > cd out + > ..\ms\test + + + Installation + ------------ + + If you used the Cygwin procedure above, you have already installed and + can skip this section. For all other procedures, there's currently no real + installation procedure for Win32. There are, however, some suggestions: + + - do nothing. The include files are found in the inc32/ subdirectory, + all binaries are found in out32dll/ or out32/ depending if you built + dynamic or static libraries. + + - do as is written in INSTALL.Win32 that comes with modssl: + + $ md c:\openssl + $ md c:\openssl\bin + $ md c:\openssl\lib + $ md c:\openssl\include + $ md c:\openssl\include\openssl + $ copy /b inc32\openssl\* c:\openssl\include\openssl + $ copy /b out32dll\ssleay32.lib c:\openssl\lib + $ copy /b out32dll\libeay32.lib c:\openssl\lib + $ copy /b out32dll\ssleay32.dll c:\openssl\bin + $ copy /b out32dll\libeay32.dll c:\openssl\bin + $ copy /b out32dll\openssl.exe c:\openssl\bin + + Of course, you can choose another device than c:. C: is used here + because that's usually the first (and often only) harddisk device. + Note: in the modssl INSTALL.Win32, p: is used rather than c:. + + + Troubleshooting + --------------- + + Since the Win32 build is only occasionally tested it may not always compile + cleanly. If you get an error about functions not having numbers assigned + when you run ms\do_ms then this means the Win32 ordinal files are not up to + date. You can do: + + > perl util\mkdef.pl crypto ssl update + + then ms\do_XXX should not give a warning any more. However the numbers that + get assigned by this technique may not match those that eventually get + assigned in the CVS tree: so anything linked against this version of the + library may need to be recompiled. + + If you get errors about unresolved symbols there are several possible + causes. + + If this happens when the DLL is being linked and you have disabled some + ciphers then it is possible the DEF file generator hasn't removed all + the disabled symbols: the easiest solution is to edit the DEF files manually + to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. + + Another cause is if you missed or ignored the errors about missing numbers + mentioned above. + + If you get warnings in the code then the compilation will halt. + + The default Makefile for Win32 halts whenever any warnings occur. Since VC++ + has its own ideas about warnings which don't always match up to other + environments this can happen. The best fix is to edit the file with the + warning in and fix it. Alternatively you can turn off the halt on warnings by + editing the CFLAG line in the Makefile and deleting the /WX option. + + You might get compilation errors. Again you will have to fix these or report + them. + + One final comment about compiling applications linked to the OpenSSL library. + If you don't use the multithreaded DLL runtime library (/MD option) your + program will almost certainly crash because malloc gets confused -- the + OpenSSL DLLs are statically linked to one version, the application must + not use a different one. You might be able to work around such problems + by adding CRYPTO_malloc_init() to your program before any calls to the + OpenSSL libraries: This tells the OpenSSL libraries to use the same + malloc(), free() and realloc() as the application. However there are many + standard library functions used by OpenSSL that call malloc() internally + (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot + rely on CRYPTO_malloc_init() solving your problem, and you should + consistently use the multithreaded library. diff --git a/MacOS/GetHTTPS.src/CPStringUtils.cpp b/MacOS/GetHTTPS.src/CPStringUtils.cpp index 5f64afe967..617aae2c70 100644 --- a/MacOS/GetHTTPS.src/CPStringUtils.cpp +++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp @@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL) } } } -}
\ No newline at end of file +} diff --git a/MacOS/GetHTTPS.src/ErrorHandling.cpp b/MacOS/GetHTTPS.src/ErrorHandling.cpp index 07a32de59e..80b6a675f4 100644 --- a/MacOS/GetHTTPS.src/ErrorHandling.cpp +++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp @@ -167,4 +167,4 @@ void ThrowErrorMessageException(void) ThrowDescriptiveException(gErrorMessage); } -#endif
\ No newline at end of file +#endif diff --git a/Makefile.org b/Makefile.org index 58c0807fbf..5c3e60ff07 100644 --- a/Makefile.org +++ b/Makefile.org @@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend # gcc, then the driver will automatically translate it to -xarch=v8plus # and pass it down to assembler. AS=$(CC) -c -ASFLAGS=$(CFLAG) +ASFLAG=$(CFLAG) # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o @@ -174,11 +174,13 @@ SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ + objects \ md2 md4 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \ - buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -191,6 +193,7 @@ MAKE= $(NEWMAKE) -f Makefile.ssl MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 +MANSUFFIX= SHELL=/bin/sh TOP= . @@ -217,7 +220,7 @@ all: Makefile.ssl build_all openssl.pc BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; fi @@ -255,7 +258,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a fi clean-shared: - @for i in $(SHLIBDIRS); do \ + @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ tmp="$(SHARED_LIBS_LINK_EXTS)"; \ for j in $${tmp:-x}; do \ @@ -269,7 +272,7 @@ clean-shared: done link-shared: - @ for i in ${SHLIBDIRS}; do \ + @ set -e; for i in ${SHLIBDIRS}; do \ $(NEWMAKE) -f $(HERE)/Makefile.shared \ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ @@ -280,7 +283,7 @@ link-shared: build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): - @ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ @@ -318,7 +321,7 @@ libclean: clean: libclean rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making clean in $$i..." && \ @@ -329,7 +332,7 @@ clean: libclean rm -f openssl.pc rm -f speed.* .pure rm -f $(TARFILE) - @for i in $(ONEDIRS) ;\ + @set -e; for i in $(ONEDIRS) ;\ do \ rm -fr $$i/*; \ done @@ -340,7 +343,7 @@ makefile.one: files files: $(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making 'files' in $$i..." && \ @@ -352,7 +355,7 @@ links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @for i in $(DIRS); do \ + @set -e; for i in $(DIRS); do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making links in $$i..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ @@ -365,7 +368,7 @@ gentests: dclean: rm -f *.bak - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dclean in $$i..." && \ @@ -403,7 +406,7 @@ report: @$(PERL) util/selftest.pl depend: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dependencies $$i..." && \ @@ -412,7 +415,7 @@ depend: done; lint: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making lint $$i..." && \ @@ -421,7 +424,7 @@ lint: done; tags: - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making tags $$i..." && \ @@ -493,24 +496,24 @@ install: all install_docs $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/engines \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ $(INSTALL_PREFIX)$(OPENSSLDIR)/lib - @for i in $(EXHEADER) ;\ + @set -e; for i in $(EXHEADER) ;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; - @for i in $(DIRS) ;\ + @set -e; for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ (cd $$i; echo "installing $$i..."; \ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \ fi; \ done - @for i in $(LIBS) ;\ + @set -e; for i in $(LIBS) ;\ do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ @@ -520,7 +523,7 @@ install: all install_docs mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi; \ done; - @if [ -n "$(SHARED_LIBS)" ]; then \ + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ tmp="$(SHARED_LIBS)"; \ for i in $${tmp:-x}; \ do \ @@ -552,6 +555,7 @@ install: all install_docs fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ -565,36 +569,38 @@ install_docs: if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \ filecase=-i; \ fi; \ - for i in doc/apps/*.pod; do \ + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ + grep -v "[ ]" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done @@ -5,6 +5,24 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: + + o Security: fix various ASN1 parsing bugs. + o New -ignore_err option to OCSP utility. + o Various interop and bug fixes in S/MIME code. + o SSL/TLS protocol fix for unrequested client certificates. + + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Configuration: Irix fixes, AIX fixes, better mingw support. + o Support for new platforms: linux-ia64-ecc. + o Build: shared library support fixes. + o ASN.1: treat domainComponent correctly. + o Documentation: fixes and additions. + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: o Security: Important security related bugfixes. @@ -29,11 +47,14 @@ o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, - Linux x86_64 + Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. + o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. + o Makes symbolic links to or copies of manuals to cover all described + functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the @@ -59,6 +80,18 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). + Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: + + o Security: fix various ASN1 parsing bugs. + o SSL/TLS protocol fix for unrequested client certificates. + + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Build: shared library support fixes. + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: o Important security related bugfixes. @@ -98,3 +98,34 @@ config-line. './Configure aix43-cc shared' is working, but not libraries. It's possible to build 64-bit shared libraries by running 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one supporting even gcc shared builds. See RT#463 for background information. + +* Problems building shared libraries on SCO OpenServer Release 5.0.6 + with gcc 2.95.3 + +The symptoms appear when running the test suite, more specifically +test/ectest, with the following result: + +OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest +ectest.c:186: ABORT + +The cause of the problem seems to be that isxdigit(), called from +BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further +investigation shows that any of the isxxx() macros return 0 on any +input. A direct look in the information array that the isxxx() use, +called __ctype, shows that it contains all zeroes... + +Taking a look at the newly created libcrypto.so with nm, one can see +that the variable __ctype is defined in libcrypto's .bss (which +explains why it is filled with zeroes): + +$ nm -Pg libcrypto.so | grep __ctype +__ctype B 0011659c +__ctype2 U + +Curiously, __ctype2 is undefined, in spite of being declared in +/usr/include/ctype.h in exactly the same way as __ctype. + +Any information helping to solve this issue would be deeply +appreciated. + +NOTE: building non-shared doesn't come with this problem. @@ -1500,6 +1500,31 @@ $shared_extension = $ranlib = $arflags = +*** debug-Cygwin +$cc = gcc +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror +$unistd = +$thread_cflag = +$sys_id = CYGWIN32 +$lflags = +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** debug-ben $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe @@ -1650,9 +1675,34 @@ $shared_extension = $ranlib = $arflags = +*** debug-geoff +$cc = gcc +$cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DBN_CTX_DEBUG -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -g -ggdb3 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1677,7 +1727,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1752,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1777,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1952,16 +2002,16 @@ $arflags = *** debug-solaris-sparcv9-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT -$sys_id = +$sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = -$md5_obj = +$md5_obj = asm/md5-sparcv8plus.o $sha1_obj = $cast_obj = $rc4_obj = @@ -2027,21 +2077,21 @@ $arflags = *** debug-ulf $cc = gcc -$cflags = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe +$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations $unistd = -$thread_cflag = -D_REENTRANT -$sys_id = +$thread_cflag = +$sys_id = CYGWIN32 $lflags = -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-elf.o asm/co86-elf.o -$des_obj = asm/dx86-elf.o asm/yx86-elf.o -$bf_obj = asm/bx86-elf.o -$md5_obj = asm/mx86-elf.o -$sha1_obj = asm/sx86-elf.o -$cast_obj = asm/cx86-elf.o -$rc4_obj = asm/rx86-elf.o -$rmd160_obj = asm/rm86-elf.o -$rc5_obj = asm/r586-elf.o +$bn_ops = +$bn_obj = +$des_obj = win32 +$bf_obj = cygwin-shared +$md5_obj = +$sha1_obj = +$cast_obj = .dll +$rc4_obj = +$rmd160_obj = +$rc5_obj = $dso_scheme = $shared_target= $shared_cflag = @@ -2575,9 +2625,9 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** hpux64-parisc-cc -$cc = cc -$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY +*** hpux64-parisc-gcc +$cc = gcc +$cflags = -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2594,21 +2644,21 @@ $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn $shared_target= hpux64-shared -$shared_cflag = +Z +$shared_cflag = -fpic $shared_ldflag = $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** hpux64-parisc-gcc -$cc = gcc -$cflags = -DB_ENDIAN -DMD32_XARRAY +*** hpux64-parisc2-cc +$cc = cc +$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT -$bn_obj = +$bn_obj = asm/pa-risc2W.o $des_obj = $bf_obj = $md5_obj = @@ -2619,15 +2669,15 @@ $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn $shared_target= hpux64-shared -$shared_cflag = -fpic +$shared_cflag = +Z $shared_ldflag = $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** hpux64-parisc2-cc -$cc = cc -$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +*** hpux64-parisc2-gcc +$cc = gcc +$cflags = -O3 -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2644,7 +2694,7 @@ $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn $shared_target= hpux64-shared -$shared_cflag = +Z +$shared_cflag = -fpic $shared_ldflag = $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = @@ -2727,7 +2777,7 @@ $arflags = *** irix-mips3-cc $cc = cc -$cflags = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3500,6 +3550,56 @@ $shared_extension = $ranlib = $arflags = +*** netware-clib +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = RC4_INDEX MD2_INT +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + +*** netware-libc +$cc = mwccnlm +$cflags = +$unistd = +$thread_cflag = +$sys_id = +$lflags = BN_LLONG RC4_INDEX MD2_INT +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = + *** newsos4-gcc $cc = gcc $cflags = -O -DB_ENDIAN @@ -4250,6 +4350,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** vxworks-mipsle +$cc = ccmips +$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = ranlibmips +$arflags = + *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h @@ -4324,3 +4449,28 @@ $shared_ldflag = $shared_extension = $ranlib = $arflags = + +*** vxworks-ppc860 +$cc = ccppc +$cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$unistd = +$thread_cflag = +$sys_id = VXWORKS +$lflags = -r +$bn_ops = +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = +$ranlib = +$arflags = diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 168fb06233..45ea6e08cb 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -105,14 +105,14 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO install: - @for i in $(EXE); \ + @set -e; for i in $(EXE); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; - @for i in $(SCRIPTS); \ + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ @@ -129,7 +129,7 @@ tags: tests: links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -195,10 +195,10 @@ app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c -app_rand.o: apps.h +app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h +app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -214,9 +214,10 @@ apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h apps.o: ../include/openssl/sha.h ../include/openssl/stack.h -apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -231,10 +232,10 @@ asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h -asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -asn1pars.o: asn1pars.c +asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h +asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h +asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -250,9 +251,10 @@ ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ca.o: ../include/openssl/sha.h ../include/openssl/stack.h -ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ca.o: ../include/openssl/ui.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -270,10 +272,11 @@ ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/ui.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c +ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: ciphers.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -288,10 +291,10 @@ crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/stack.h ../include/openssl/store.h +crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -306,10 +309,10 @@ crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -crl2p7.o: crl2p7.c +crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h +crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -324,9 +327,10 @@ dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dgst.o: ../include/openssl/stack.h ../include/openssl/store.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h +dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -341,9 +345,10 @@ dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c +dh.o: ../include/openssl/stack.h ../include/openssl/store.h +dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dh.o: ../include/openssl/ui.h ../include/openssl/x509.h +dh.o: ../include/openssl/x509_vfy.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -358,9 +363,10 @@ dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c +dsa.o: ../include/openssl/stack.h ../include/openssl/store.h +dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -375,10 +381,10 @@ dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsaparam.o: dsaparam.c +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h +dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -393,9 +399,10 @@ ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ec.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ec.o: ../include/openssl/stack.h ../include/openssl/store.h +ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ec.o: ../include/openssl/ui.h ../include/openssl/x509.h +ec.o: ../include/openssl/x509_vfy.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -410,10 +417,10 @@ ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -ecparam.o: ecparam.c +ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h +ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -428,9 +435,10 @@ enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c +enc.o: ../include/openssl/stack.h ../include/openssl/store.h +enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/ui.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h engine.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -448,10 +456,11 @@ engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/ui.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h apps.h engine.c +engine.o: ../include/openssl/stack.h ../include/openssl/store.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -469,10 +478,11 @@ errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/ui.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c +errstr.o: ../include/openssl/stack.h ../include/openssl/store.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -487,9 +497,10 @@ gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h +gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -504,10 +515,10 @@ gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -gendsa.o: gendsa.c +gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h +gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -522,10 +533,10 @@ genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -genrsa.o: genrsa.c +genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h +genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -540,9 +551,10 @@ nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h -nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c +nseq.o: ../include/openssl/stack.h ../include/openssl/store.h +nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h +nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -561,10 +573,10 @@ ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -582,10 +594,11 @@ openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/ui.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/stack.h ../include/openssl/store.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -601,10 +614,10 @@ passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -passwd.o: passwd.c +passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -620,9 +633,10 @@ pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs12.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c +pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +pkcs12.o: pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -637,9 +651,10 @@ pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h +pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h +pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -655,9 +670,9 @@ pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs8.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -671,9 +686,10 @@ rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c +rand.o: ../include/openssl/stack.h ../include/openssl/store.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h apps.h rand.c req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h req.o: ../include/openssl/bio.h ../include/openssl/bn.h req.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -689,9 +705,10 @@ req.o: ../include/openssl/pem.h ../include/openssl/pem2.h req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -req.o: ../include/openssl/ui.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/store.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -706,9 +723,10 @@ rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c +rsa.o: ../include/openssl/stack.h ../include/openssl/store.h +rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -723,10 +741,10 @@ rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rsautl.o: rsautl.c +rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -744,10 +762,11 @@ s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h +s_cb.o: s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -765,10 +784,11 @@ s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c +s_client.o: ../include/openssl/stack.h ../include/openssl/store.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: s_apps.h s_client.c s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -786,10 +806,11 @@ s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c +s_server.o: ../include/openssl/stack.h ../include/openssl/store.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_server.o: s_apps.h s_server.c s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -807,10 +828,11 @@ s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -828,10 +850,11 @@ s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/stack.h ../include/openssl/store.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -849,10 +872,11 @@ sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/ui.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c +sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -867,9 +891,10 @@ smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h -smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/stack.h ../include/openssl/store.h +smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +smime.o: ../include/openssl/ui.h ../include/openssl/x509.h +smime.o: ../include/openssl/x509_vfy.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -891,10 +916,10 @@ speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h speed.o: ../include/openssl/sha.h ../include/openssl/stack.h -speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c -speed.o: testdsa.h testrsa.h +speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h +speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -909,9 +934,10 @@ spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h -spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c +spkac.o: ../include/openssl/stack.h ../include/openssl/store.h +spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h +spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -926,10 +952,11 @@ verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h -verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -verify.o: ../include/openssl/x509v3.h apps.h verify.c +verify.o: ../include/openssl/stack.h ../include/openssl/store.h +verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +verify.o: ../include/openssl/ui.h ../include/openssl/x509.h +verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +verify.o: verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -946,10 +973,11 @@ version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -version.o: ../include/openssl/x509_vfy.h apps.h version.c +version.o: ../include/openssl/stack.h ../include/openssl/store.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +version.o: version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -964,7 +992,7 @@ x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h -x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/stack.h ../include/openssl/store.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/ui.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/apps/apps.c b/apps/apps.c index ac9e3daa5e..47b59b4545 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -126,16 +126,6 @@ #include <openssl/engine.h> #endif -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include <strings.h> -# endif /* NO_STRINGS_H */ -#endif - #define NON_MAIN #include "apps.h" #undef NON_MAIN @@ -260,7 +250,7 @@ int str2fmt(char *s) return(FORMAT_UNDEF); } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) void program_name(char *in, char *out, int size) { int i,n; @@ -279,12 +269,23 @@ void program_name(char *in, char *out, int size) if (p == NULL) p=in; n=strlen(p); + +#if defined(OPENSSL_SYS_NETWARE) + /* strip off trailing .nlm if present. */ + if ((n > 4) && (p[n-4] == '.') && + ((p[n-3] == 'n') || (p[n-3] == 'N')) && + ((p[n-2] == 'l') || (p[n-2] == 'L')) && + ((p[n-1] == 'm') || (p[n-1] == 'M'))) + n-=4; +#else /* strip off trailing .exe if present. */ if ((n > 4) && (p[n-4] == '.') && ((p[n-3] == 'e') || (p[n-3] == 'E')) && ((p[n-2] == 'x') || (p[n-2] == 'X')) && ((p[n-1] == 'e') || (p[n-1] == 'E'))) n-=4; +#endif + if (n > size-1) n=size-1; @@ -378,22 +379,6 @@ int WIN32_rename(char *from, char *to) } #endif -#ifdef OPENSSL_SYS_VMS -int VMS_strcasecmp(const char *str1, const char *str2) - { - while (*str1 && *str2) - { - int res = toupper(*str1) - toupper(*str2); - if (res) return res < 0 ? -1 : 1; - } - if (*str1) - return 1; - if (*str2) - return -1; - return 0; - } -#endif - int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; @@ -501,7 +486,7 @@ static int ui_read(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') { UI_set_result(ui, uis, password); return 1; @@ -525,7 +510,7 @@ static int ui_write(UI *ui, UI_STRING *uis) { const char *password = ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password[0] != '\0') + if (password && password[0] != '\0') return 1; } default: @@ -1411,14 +1396,16 @@ int load_config(BIO *err, CONF *cnf) char *make_config_name() { const char *t=X509_get_default_cert_area(); + size_t len; char *p; - p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); - strcpy(p,t); + len=strlen(t)+strlen(OPENSSL_CONF)+2; + p=OPENSSL_malloc(len); + BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS - strcat(p,"/"); + BUF_strlcat(p,"/",len); #endif - strcat(p,OPENSSL_CONF); + BUF_strlcat(p,OPENSSL_CONF,len); return p; } @@ -1722,22 +1709,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - retdb->attributes.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - retdb->attributes.unique_subject = 1; - break; - } + retdb->attributes.unique_subject = parse_yesno(p,1); } } @@ -1976,3 +1948,169 @@ void free_index(CA_DB *db) OPENSSL_free(db); } } + +int parse_yesno(char *str, int def) + { + int ret = def; + if (str) + { + switch (*str) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + case '0': /* 0 */ + ret = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + case '1': /* 1 */ + ret = 0; + break; + default: + ret = def; + break; + } + } + return ret; + } + +/* + * subject is expected to be in the format /type0=value0/type1=value1/type2=... + * where characters may be escaped by \ + */ +X509_NAME *parse_name(char *subject, long chtype, int multirdn) + { + size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ + char *buf = OPENSSL_malloc(buflen); + size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ + char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); + int *mval = OPENSSL_malloc (max_ne * sizeof (int)); + + char *sp = subject, *bp = buf; + int i, ne_num = 0; + + X509_NAME *n = NULL; + int nid; + + if (!buf || !ne_types || !ne_values) + { + BIO_printf(bio_err, "malloc error\n"); + goto error; + } + + if (*subject != '/') + { + BIO_printf(bio_err, "Subject does not start with '/'.\n"); + goto error; + } + sp++; /* skip leading / */ + + /* no multivalued RDN by default */ + mval[ne_num] = 0; + + while (*sp) + { + /* collect type */ + ne_types[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') /* is there anything to escape in the type...? */ + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '=') + { + sp++; + *bp++ = '\0'; + break; + } + else + *bp++ = *sp++; + } + if (!*sp) + { + BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); + goto error; + } + ne_values[ne_num] = bp; + while (*sp) + { + if (*sp == '\\') + { + if (*++sp) + *bp++ = *sp++; + else + { + BIO_printf(bio_err, "escape character at end of string\n"); + goto error; + } + } + else if (*sp == '/') + { + sp++; + /* no multivalued RDN by default */ + mval[ne_num+1] = 0; + break; + } + else if (*sp == '+' && multirdn) + { + /* a not escaped + signals a mutlivalued RDN */ + sp++; + mval[ne_num+1] = -1; + break; + } + else + *bp++ = *sp++; + } + *bp++ = '\0'; + ne_num++; + } + + if (!(n = X509_NAME_new())) + goto error; + + for (i = 0; i < ne_num; i++) + { + if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) + { + BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); + continue; + } + + if (!*ne_values[i]) + { + BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); + continue; + } + + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + goto error; + } + + OPENSSL_free(ne_values); + OPENSSL_free(ne_types); + OPENSSL_free(buf); + return n; + +error: + X509_NAME_free(n); + if (ne_values) + OPENSSL_free(ne_values); + if (ne_types) + OPENSSL_free(ne_types); + if (buf) + OPENSSL_free(buf); + return NULL; +} + diff --git a/apps/apps.h b/apps/apps.h index 8a9c4ab0a0..7edafa4244 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -141,12 +141,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, int WIN32_rename(char *oldname,char *newname); #endif -/* VMS below version 7.0 doesn't have strcasecmp() */ -#ifdef OPENSSL_SYS_VMS -#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2)) -int VMS_strcasecmp(const char *str1, const char *str2); -#endif - #ifndef MONOLITH #define MAIN(a,v) main(a,v) @@ -168,7 +162,9 @@ extern BIO *bio_err; #endif +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif #ifdef SIGPIPE #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) @@ -319,8 +315,9 @@ int save_index(char *dbfile, char *suffix, CA_DB *db); int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); void free_index(CA_DB *db); int index_name_cmp(const char **a, const char **b); +int parse_yesno(char *str, int def); -X509_NAME *do_subject(char *str, long chtype); +X509_NAME *parse_name(char *str, long chtype, int multirdn); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 @@ -76,16 +76,6 @@ #include <openssl/ocsp.h> #include <openssl/pem.h> -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include <strings.h> -# endif /* NO_STRINGS_H */ -#endif - #ifndef W_OK # ifdef OPENSSL_SYS_VMS # if defined(__DECC) @@ -93,7 +83,7 @@ # else # include <unixlib.h> # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include <sys/file.h> # endif #endif @@ -122,6 +112,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" +#define ENV_CRLNUMBER "crlnumber" #define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" #define ENV_RANDFILE "RANDFILE" @@ -140,6 +131,7 @@ #define ENV_NAMEOPT "name_opt" #define ENV_CERTOPT "cert_opt" #define ENV_EXTCOPY "copy_extensions" +#define ENV_UNIQUE_SUBJECT "unique_subject" #define ENV_DATABASE "database" @@ -182,6 +174,7 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", @@ -202,27 +195,27 @@ extern int EF_ALIGNMENT; static void lookup_fail(char *name,char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -277,14 +270,17 @@ int MAIN(int argc, char **argv) char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; + char *crlnumberfile=NULL; char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; int rev_type = REV_NONE; char *rev_arg = NULL; BIGNUM *serial=NULL; + BIGNUM *crlnumber=NULL; char *startdate=NULL; char *enddate=NULL; long days=0; @@ -358,6 +354,8 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-startdate") == 0) { if (--argc < 1) goto bad; @@ -559,16 +557,19 @@ bad: if (configfile == NULL) { const char *s=X509_get_default_cert_area(); + size_t len; #ifdef OPENSSL_SYS_VMS - tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + len = strlen(s)+sizeof(CONFIG_FILE); + tofree=OPENSSL_malloc(len); strcpy(tofree,s); #else - tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); - strcpy(tofree,s); - strcat(tofree,"/"); + len = strlen(s)+sizeof(CONFIG_FILE)+1; + tofree=OPENSSL_malloc(len); + BUF_strlcpy(tofree,s,len); + BUF_strlcat(tofree,"/",len); #endif - strcat(tofree,CONFIG_FILE); + BUF_strlcat(tofree,CONFIG_FILE,len); configfile=tofree; } @@ -641,28 +642,13 @@ bad: app_RAND_load_file(randfile, bio_err, 0); db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, "unique_subject"); + p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) { #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); #endif - switch(*p) - { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - db_attr.unique_subject = 0; - break; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - default: - db_attr.unique_subject = 1; - break; - } + db_attr.unique_subject = parse_yesno(p,1); } #ifdef RL_DEBUG else @@ -1141,7 +1127,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,extensions, + serial,subj,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1165,7 +1151,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,email_dn,startdate,enddate,days,batch, + db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1185,7 +1171,7 @@ bad: { total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1205,7 +1191,7 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, - serial,subj,email_dn,startdate,enddate,days,batch, + serial,subj,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1253,7 +1239,7 @@ bad: for (i=0; i<sk_X509_num(cert_sk); i++) { int k; - unsigned char *n; + char *n; x=sk_X509_value(cert_sk,i); @@ -1269,15 +1255,19 @@ bad: strcpy(buf[2],outdir); #ifndef OPENSSL_SYS_VMS - strcat(buf[2],"/"); + BUF_strlcat(buf[2],"/",sizeof(buf[2])); #endif - n=(unsigned char *)&(buf[2][strlen(buf[2])]); + n=(char *)&(buf[2][strlen(buf[2])]); if (j > 0) { for (k=0; k<j; k++) { - sprintf((char *)n,"%02X",(unsigned char)*(p++)); + if (n >= &(buf[2][sizeof(buf[2])])) + break; + BIO_snprintf(n, + &buf[2][0] + sizeof(buf[2]) - n, + "%02X",(unsigned char)*(p++)); n+=2; } } @@ -1337,6 +1327,14 @@ bad: } } + if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) + != NULL) + if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) + { + BIO_printf(bio_err,"error while loading CRL number\n"); + goto err; + } + if (!crldays && !crlhours) { if (!NCONF_get_number(conf,section, @@ -1418,14 +1416,24 @@ bad: /* Add any extensions asked for */ - if (crl_ext) + if (crl_ext || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); - if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, - crl_ext, crl)) goto err; + if (crl_ext) + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, + crl_ext, crl)) goto err; + if (crlnumberfile != NULL) + { + tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); + if (!tmpser) goto err; + X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); + ASN1_INTEGER_free(tmpser); + crl_v2 = 1; + if (!BN_add_word(crlnumber,1)) goto err; + } } if (crl_ext || crl_v2) { @@ -1433,9 +1441,17 @@ bad: goto err; /* version 2 CRL */ } + + if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); + + if (crlnumberfile != NULL) /* Rename the crlnumber file */ + if (!rotate_serial(crlnumberfile,"new","old")) goto err; + } /*****************************************************************/ if (dorevoke) @@ -1498,7 +1514,7 @@ static void lookup_fail(char *name, char *tag) static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) @@ -1554,7 +1570,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); @@ -1566,7 +1582,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1608,7 +1624,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); @@ -1620,6 +1636,7 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, + int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1652,7 +1669,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = do_subject(subj, MBSTRING_ASC); + X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn); if (!n) { @@ -2117,7 +2134,7 @@ again2: BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } - strcpy(row[DB_file],"unknown"); + BUF_strlcpy(row[DB_file],"unknown",8); row[DB_type][0]='V'; row[DB_type][1]='\0'; @@ -2189,7 +2206,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2330,7 +2347,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: @@ -2418,7 +2435,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) BIO_printf(bio_err,"Memory allocation failure\n"); goto err; } - strcpy(row[DB_file],"unknown"); + BUF_strlcpy(row[DB_file],"unknown",8); row[DB_type][0]='V'; row[DB_type][1]='\0'; @@ -2742,16 +2759,16 @@ char *make_revocation_str(int rev_type, char *rev_arg) if (!str) return NULL; - strcpy(str, (char *)revtm->data); + BUF_strlcpy(str, (char *)revtm->data, i); if (reason) { - strcat(str, ","); - strcat(str, reason); + BUF_strlcat(str, ",", i); + BUF_strlcat(str, reason, i); } if (other) { - strcat(str, ","); - strcat(str, other); + BUF_strlcat(str, ",", i); + BUF_strlcat(str, other, i); } ASN1_UTCTIME_free(revtm); return str; @@ -2819,129 +2836,6 @@ int make_revoked(X509_REVOKED *rev, char *str) return ret; } -/* - * subject is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ -X509_NAME *do_subject(char *subject, long chtype) - { - size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ - char *buf = OPENSSL_malloc(buflen); - size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); - char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); - - char *sp = subject, *bp = buf; - int i, ne_num = 0; - - X509_NAME *n = NULL; - int nid; - - if (!buf || !ne_types || !ne_values) - { - BIO_printf(bio_err, "malloc error\n"); - goto error; - } - - if (*subject != '/') - { - BIO_printf(bio_err, "Subject does not start with '/'.\n"); - goto error; - } - sp++; /* skip leading / */ - - while (*sp) - { - /* collect type */ - ne_types[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') /* is there anything to escape in the type...? */ - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '=') - { - sp++; - *bp++ = '\0'; - break; - } - else - *bp++ = *sp++; - } - if (!*sp) - { - BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); - goto error; - } - ne_values[ne_num] = bp; - while (*sp) - { - if (*sp == '\\') - { - if (*++sp) - *bp++ = *sp++; - else - { - BIO_printf(bio_err, "escape character at end of string\n"); - goto error; - } - } - else if (*sp == '/') - { - sp++; - break; - } - else - *bp++ = *sp++; - } - *bp++ = '\0'; - ne_num++; - } - - if (!(n = X509_NAME_new())) - goto error; - - for (i = 0; i < ne_num; i++) - { - if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) - { - BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); - continue; - } - - if (!*ne_values[i]) - { - BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) - goto error; - } - - OPENSSL_free(ne_values); - OPENSSL_free(ne_types); - OPENSSL_free(buf); - return n; - -error: - X509_NAME_free(n); - if (ne_values) - OPENSSL_free(ne_values); - if (ne_types) - OPENSSL_free(ne_types); - if (buf) - OPENSSL_free(buf); - return NULL; -} - int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25],*pbuf, *p; @@ -2986,7 +2880,8 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; int reason_code = -1; - int i, ret = 0; + int ret = 0; + unsigned int i; ASN1_OBJECT *hold = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); @@ -3086,4 +2981,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } - diff --git a/apps/dgst.c b/apps/dgst.c index 47d1309b14..be25dafef7 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -347,8 +347,9 @@ int MAIN(int argc, char **argv) } if(!out_bin) { - tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5); - sprintf(tmp,"%s(%s)= ",name,argv[i]); + size_t len = strlen(name)+strlen(argv[i])+5; + tmp=tofree=OPENSSL_malloc(len); + BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]); } else tmp=""; diff --git a/apps/dhparam.c b/apps/dhparam.c index dc00355b95..e3cabcfcdc 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -142,7 +142,7 @@ * -C */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -294,6 +294,8 @@ bad: if(num) { + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); @@ -305,12 +307,13 @@ bad: #ifndef OPENSSL_NO_DSA if (dsaparam) { - DSA *dsa; + DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); - if (dsa == NULL) + if(!dsa || !DSA_generate_parameters_ex(dsa, num, + NULL, 0, NULL, NULL, &cb)) { + if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } @@ -326,12 +329,12 @@ bad: else #endif { + dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) + if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } @@ -534,7 +537,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -542,11 +545,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/enc.c b/apps/enc.c index 7117a9c4ec..4261267e97 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -373,9 +373,9 @@ bad: { char buf[200]; - sprintf(buf,"enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc)?"encryption":"decryption"); + BIO_snprintf(buf,sizeof buf,"enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc)?"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) @@ -534,7 +534,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i<sizeof salt; i++) + for (i=0; i<(int)sizeof(salt); i++) printf("%02X",salt[i]); printf("\n"); } diff --git a/apps/engine.c b/apps/engine.c index feee965325..b951254612 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -123,8 +123,8 @@ static int append_buf(char **buf, const char *s, int *size, int step) return 0; if (**buf != '\0') - strcat(*buf, ", "); - strcat(*buf, s); + BUF_strlcat(*buf, ", ", *size); + BUF_strlcat(*buf, s, *size); return 1; } diff --git a/apps/gendh.c b/apps/gendh.c index b90087493a..69baa50b01 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -81,12 +81,13 @@ #undef PROG #define PROG gendh_main -static void MS_CALLBACK dh_cb(int p, int n, void *arg); +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -102,6 +103,7 @@ int MAIN(int argc, char **argv) apps_startup(); + BN_GENCB_set(&cb, dh_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -199,10 +201,10 @@ bad: BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); - dh=DH_generate_parameters(num,g,dh_cb,bio_err); - - if (dh == NULL) goto end; + if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) + goto end; + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) @@ -217,7 +219,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dh_cb(int p, int n, void *arg) +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -225,10 +227,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/genrsa.c b/apps/genrsa.c index 0ce23946ef..85da98d45d 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -81,12 +81,13 @@ #undef PROG #define PROG genrsa_main -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); int MAIN(int argc, char **argv) { + BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif @@ -105,6 +106,7 @@ int MAIN(int argc, char **argv) BIO *out=NULL; apps_startup(); + BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) @@ -239,7 +241,9 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); + + if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb)) + goto err; app_RAND_write_file(NULL, bio_err); @@ -277,7 +281,7 @@ err: OPENSSL_EXIT(ret); } -static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) +static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -285,11 +289,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #else /* !OPENSSL_NO_RSA */ diff --git a/apps/ocsp.c b/apps/ocsp.c index 0cf4aad3f8..9c8e20d35a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -123,6 +123,7 @@ int MAIN(int argc, char **argv) int accept_count = -1; int badarg = 0; int i; + int ignore_err = 0; STACK *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; @@ -182,6 +183,8 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-ignore_err")) + ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; else if (!strcmp(*args, "-nonce")) @@ -783,6 +786,8 @@ int MAIN(int argc, char **argv) { BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); + if (ignore_err) + goto redo_accept; ret = 0; goto end; } diff --git a/apps/openssl.c b/apps/openssl.c index 86d9fc51bc..9f85495075 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -175,7 +175,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 2696044cf1..8941f454f8 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file @@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for diff --git a/apps/passwd.c b/apps/passwd.c index 3ad91d89d6..b9d9d7a36a 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -312,7 +312,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; - int n, i; + int n; + unsigned int i; EVP_MD_CTX md,md2; size_t passwd_len, salt_len; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 385011b457..cbd933667b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -551,7 +551,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "Can't read Password\n"); goto export_end; } - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -613,7 +613,7 @@ int MAIN(int argc, char **argv) CRYPTO_pop_info(); #endif - if (!twopass) strcpy(macpass, pass); + if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { diff --git a/apps/pkcs8.c b/apps/pkcs8.c index ee8cf02813..43a8284847 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -232,11 +232,14 @@ int MAIN(int argc, char **argv) pkey = load_key(bio_err, infile, informat, 1, passin, e, "key"); if (!pkey) { + BIO_free_all(out); return (1); } if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } if(nocrypt) { @@ -246,6 +249,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } } else { @@ -253,7 +259,12 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); + } } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, @@ -261,6 +272,9 @@ int MAIN(int argc, char **argv) NULL, 0, iter, p8inf))) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } app_RAND_write_file(NULL, bio_err); @@ -270,6 +284,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_bio(out, p8); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } X509_SIG_free(p8); diff --git a/apps/rand.c b/apps/rand.c index 63724bc730..a893896033 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -205,7 +205,7 @@ int MAIN(int argc, char **argv) int chunk; chunk = num; - if (chunk > sizeof buf) + if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) diff --git a/apps/req.c b/apps/req.c index 80b623c506..c4594c490c 100644 --- a/apps/req.c +++ b/apps/req.c @@ -119,9 +119,10 @@ * require. This format is wrong */ -static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, - unsigned long chtype); -static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); +static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, + int attribs,unsigned long chtype); +static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, + int multirdn); static int prompt_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, @@ -135,7 +136,7 @@ static int add_attribute_object(X509_REQ *req, char *text, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p,int n,void *arg); +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); #endif static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); @@ -185,6 +186,7 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *p; char *subj = NULL; + int multirdn = 0; const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH @@ -440,6 +442,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; subj= *(++argv); } + else if (strcmp(*argv,"-multivalue-rdn") == 0) + multirdn=1; else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; @@ -511,6 +515,7 @@ bad: BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -subj arg set or modify request subject\n"); + BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -batch do not ask anything during request generation\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); @@ -712,6 +717,7 @@ bad: if (newreq && (pkey == NULL)) { + BN_GENCB cb; char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); @@ -738,12 +744,16 @@ bad: if ((pkey=EVP_PKEY_new()) == NULL) goto end; #ifndef OPENSSL_NO_RSA + BN_GENCB_set(&cb, req_cb, bio_err); if (pkey_type == TYPE_RSA) { - if (!EVP_PKEY_assign_RSA(pkey, - RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) + RSA *rsa = RSA_new(); + if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) || + !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(rsa) RSA_free(rsa); goto end; + } } else #endif @@ -882,7 +892,7 @@ loop: goto end; } - i=make_REQ(req,pkey,subj,!x509, chtype); + i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); subj=NULL; /* done processing '-subj' option */ if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { @@ -902,7 +912,7 @@ loop: if ((x509ss=X509_new()) == NULL) goto end; /* Set version to V3 */ - if(!X509_set_version(x509ss, 2)) goto end; + if(extensions && !X509_set_version(x509ss, 2)) goto end; if (serial) { if (!X509_set_serialNumber(x509ss, serial)) goto end; @@ -975,7 +985,7 @@ loop: print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); } - if (build_subject(req, subj, chtype) == 0) + if (build_subject(req, subj, chtype, multirdn) == 0) { BIO_printf(bio_err, "ERROR: cannot modify subject\n"); ex=1; @@ -1166,8 +1176,8 @@ end: OPENSSL_EXIT(ex); } -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, - unsigned long chtype) +static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, + int attribs, unsigned long chtype) { int ret=0,i; char no_prompt = 0; @@ -1217,7 +1227,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, else { if (subj) - i = build_subject(req, subj, chtype); + i = build_subject(req, subj, chtype, multirdn); else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); } @@ -1234,11 +1244,11 @@ err: * subject is expected to be in the format /type0=value0/type1=value1/type2=... * where characters may be escaped by \ */ -static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) +static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) { X509_NAME *n; - if (!(n = do_subject(subject, chtype))) + if (!(n = parse_name(subject, chtype, multirdn))) return 0; if (!X509_REQ_set_subject_name(req, n)) @@ -1311,34 +1321,34 @@ start: for (;;) mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; - - if(strlen(v->name) > sizeof buf-9) + if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) + >= sizeof buf) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; } - sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); + + BIO_snprintf(buf,sizeof buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); value=NULL; } - sprintf(buf,"%s_min",v->name); + BIO_snprintf(buf,sizeof buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) { ERR_clear_error(); n_min = -1; } - sprintf(buf,"%s_max",v->name); + BIO_snprintf(buf,sizeof buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) { ERR_clear_error(); @@ -1376,13 +1386,13 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; - if(strlen(v->name) > sizeof buf-9) + if (BIO_snprintf(buf,sizeof buf,"%s_default",type) + >= sizeof buf) { BIO_printf(bio_err,"Name '%s' too long\n",v->name); return 0; } - sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { @@ -1391,7 +1401,7 @@ start2: for (;;) } - sprintf(buf,"%s_value",type); + BIO_snprintf(buf,sizeof buf,"%s_value",type); if ((value=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { @@ -1399,11 +1409,11 @@ start2: for (;;) value=NULL; } - sprintf(buf,"%s_min",type); + BIO_snprintf(buf,sizeof buf,"%s_min",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) n_min = -1; - sprintf(buf,"%s_max",type); + BIO_snprintf(buf,sizeof buf,"%s_max",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) n_max = -1; @@ -1497,9 +1507,8 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { - OPENSSL_assert(strlen(value) < sizeof buf-2); - strcpy(buf,value); - strcat(buf,"\n"); + BUF_strlcpy(buf,value,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); BIO_printf(bio_err,"%s\n",value); } else @@ -1521,8 +1530,8 @@ start: { if ((def == NULL) || (def[0] == '\0')) return(1); - strcpy(buf,def); - strcat(buf,"\n"); + BUF_strlcpy(buf,def,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); } else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); @@ -1556,9 +1565,8 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { - OPENSSL_assert(strlen(value) < sizeof buf-2); - strcpy(buf,value); - strcat(buf,"\n"); + BUF_strlcpy(buf,value,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); BIO_printf(bio_err,"%s\n",value); } else @@ -1580,8 +1588,8 @@ start: { if ((def == NULL) || (def[0] == '\0')) return(1); - strcpy(buf,def); - strcat(buf,"\n"); + BUF_strlcpy(buf,def,sizeof buf); + BUF_strlcat(buf,"\n",sizeof buf); } else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); @@ -1610,7 +1618,7 @@ err: } #ifndef OPENSSL_NO_RSA -static void MS_CALLBACK req_cb(int p, int n, void *arg) +static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -1618,11 +1626,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/apps/rsautl.c b/apps/rsautl.c index 5a6fd115f4..5db6fe7cd7 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -97,6 +97,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad; + char *passargin = NULL, *passin = NULL; int rsa_inlen, rsa_outlen = 0; int keysize; @@ -124,6 +125,9 @@ int MAIN(int argc, char **argv) } else if(!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; keyfile = *(++argv); + } else if (!strcmp(*argv,"-passin")) { + if (--argc < 1) badarg = 1; + passargin= *(++argv); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); @@ -169,6 +173,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif + if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting password\n"); + goto end; + } /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -176,7 +184,7 @@ int MAIN(int argc, char **argv) switch(key_type) { case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - NULL, e, "Private Key"); + passin, e, "Private Key"); break; case KEY_PUBKEY: @@ -290,6 +298,7 @@ int MAIN(int argc, char **argv) BIO_free_all(out); if(rsa_in) OPENSSL_free(rsa_in); if(rsa_out) OPENSSL_free(rsa_out); + if(passin) OPENSSL_free(passin); return ret; } @@ -313,6 +322,7 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf (bio_err, "-passin arg pass phrase source\n"); #endif } diff --git a/apps/s_apps.h b/apps/s_apps.h index ff18a72fe0..f4c85aa81f 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,10 +108,19 @@ * Hudson (tjh@cryptsoft.com). * */ - +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include <sys/types.h> +#endif #include <openssl/opensslconf.h> +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#include <conio.h> +#endif + +#ifdef OPENSSL_SYS_MSDOS +#define _kbhit kbhit +#endif + #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) /* VAX C does not defined fd_set and friends, but it's actually quite simple */ /* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ diff --git a/apps/s_cb.c b/apps/s_cb.c index 1410178d65..28f8acc1e3 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -240,14 +240,14 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); diff --git a/apps/s_client.c b/apps/s_client.c index 7fea212e15..d32d5a69e8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -136,14 +136,10 @@ typedef unsigned int u_int; #include <openssl/rand.h> #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include <conio.h> -#endif - #ifdef OPENSSL_SYS_VMS #include "term_sock.h" #endif - + #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -225,7 +221,7 @@ static void sc_usage(void) BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\" is supported.\n"); + BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif @@ -255,7 +251,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; - int smtp_starttls = 0; + int starttls_proto = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; @@ -264,7 +260,7 @@ int MAIN(int argc, char **argv) char *engine_id=NULL; ENGINE *e=NULL; #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif #ifdef OPENSSL_SYS_VMS @@ -424,7 +420,9 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; ++argv; if (strcmp(*argv,"smtp") == 0) - smtp_starttls = 1; + starttls_proto = 1; + else if (strcmp(*argv,"pop3") == 0) + starttls_proto = 2; else goto bad; } @@ -601,12 +599,18 @@ re_start: sbuf_off=0; /* This is an ugly hack that does a lot of assumptions */ - if (smtp_starttls) + if (starttls_proto == 1) { BIO_read(sbio,mbuf,BUFSIZZ); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } + if (starttls_proto == 2) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } for (;;) { @@ -627,11 +631,11 @@ re_start: print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; - if (smtp_starttls) + if (starttls_proto) { BIO_printf(bio_err,"%s",mbuf); /* We don't need to know any more */ - smtp_starttls = 0; + starttls_proto = 0; } if (reconnect) @@ -650,7 +654,7 @@ re_start: if (!ssl_pending) { -#ifndef OPENSSL_SYS_WINDOWS +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) if (tty_on) { #ifdef OPENSSL_SYS_VMS @@ -681,8 +685,8 @@ re_start: * will choke the compiler: if you do have a cast then * you can either go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we make the assumption that we can +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) + /* Under Windows/DOS we make the assumption that we can * always write to the tty: therefore if we need to * write to the tty we just fall through. Otherwise * we timeout the select every second and see if there @@ -696,7 +700,7 @@ re_start: tv.tv_usec = 0; i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) if(!i && (!_kbhit() || !read_tty) ) continue; #else if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; @@ -784,8 +788,13 @@ re_start: goto shut; } } +<<<<<<< s_client.c #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS) /* Assume Windows/DOS and VMS can always write */ +======= +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) + /* Assume Windows/DOS can always write */ +>>>>>>> 1.67 else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) @@ -865,12 +874,14 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 } } -#ifdef OPENSSL_SYS_WINDOWS -#ifdef OPENSSL_SYS_WINCE +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit()) #else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif +#elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) #else #ifdef OPENSSL_SYS_VMS else if (FD_ISSET(stdin_sock,&readfds)) @@ -973,6 +984,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) SSL_CIPHER *c; X509_NAME *xn; int j,i; + const COMP_METHOD *comp, *expansion; if (full) { @@ -1075,6 +1087,12 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } + comp=SSL_get_current_compression(s); + expansion=SSL_get_current_expansion(s); + BIO_printf(bio,"Compression: %s\n", + comp ? SSL_COMP_get_name(comp) : "NONE"); + BIO_printf(bio,"Expansion: %s\n", + expansion ? SSL_COMP_get_name(expansion) : "NONE"); SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---\n"); if (peer != NULL) diff --git a/apps/s_server.c b/apps/s_server.c index c857e47b97..449453f066 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -124,13 +124,17 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sys/types.h> + #include <sys/stat.h> #include <openssl/e_os2.h> #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif +#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +#include <sys/types.h> +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -151,14 +155,10 @@ typedef unsigned int u_int; #include <openssl/rand.h> #include "s_apps.h" -#ifdef OPENSSL_SYS_WINDOWS -#include <conio.h> -#endif - #ifdef OPENSSL_SYS_VMS #include "term_sock.h" #endif - + #ifdef OPENSSL_SYS_WINCE /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ #ifdef fileno @@ -1005,7 +1005,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif #ifdef OPENSSL_SYS_VMS @@ -1089,10 +1089,14 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); +<<<<<<< s_server.c #ifndef OPENSSL_SYS_WINDOWS #ifdef OPENSSL_SYS_VMS FD_SET(stdin_sock,&readfds); #else +======= +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) +>>>>>>> 1.87 FD_SET(fileno(stdin),&readfds); #endif #endif @@ -1103,8 +1107,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#ifdef OPENSSL_SYS_WINDOWS - /* Under Windows we can't select on stdin: only +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) + /* Under DOS (non-djgpp) and Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows * application we wouldn't do this because it is inefficient. @@ -1380,7 +1384,13 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); - +#ifndef OPENSSL_NO_KRB5 + if (con->kssl_ctx->client_princ != NULL) + { + BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", + con->kssl_ctx->client_princ); + } +#endif /* OPENSSL_NO_KRB5 */ return(1); } @@ -1532,7 +1542,9 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) +#if defined(OPENSSL_SYS_NETWARE) + delay(1000); +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) sleep(1); #endif continue; @@ -1816,7 +1828,12 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); } - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex( + rsa_tmp, keylength,RSA_F4,NULL)) + { + if(rsa_tmp) RSA_free(rsa_tmp); + rsa_tmp = NULL; + } if (!s_quiet) { BIO_printf(bio_err,"\n"); diff --git a/apps/s_socket.c b/apps/s_socket.c index 9a696d5f93..28c6b1e27a 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -88,7 +88,7 @@ typedef unsigned int u_int; #ifndef OPENSSL_NO_SOCK static struct hostent *GetHostByName(char *name); -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); @@ -104,6 +104,10 @@ static int host_ip(char *str, unsigned char ip[4]); #define SOCKET_PROTOCOL IPPROTO_TCP #endif +#ifdef OPENSSL_SYS_NETWARE +static int wsa_init_done=0; +#endif + #ifdef OPENSSL_SYS_WINDOWS static struct WSAData wsa_state; static int wsa_init_done=0; @@ -152,6 +156,15 @@ static void ssl_sock_cleanup(void) WSACleanup(); } } +#elif defined(OPENSSL_SYS_NETWARE) +static void sock_cleanup(void) + { + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } + } #endif static int ssl_sock_init(void) @@ -187,6 +200,27 @@ static int ssl_sock_init(void) SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); #endif /* OPENSSL_SYS_WIN16 */ } +#elif defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); + return(0); + } + } #endif /* OPENSSL_SYS_WINDOWS */ return(1); } @@ -348,7 +382,7 @@ redoit: ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); if (ret == INVALID_SOCKET) { -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -395,7 +429,7 @@ redoit: perror("OPENSSL_malloc"); return(0); } - strcpy(*host,h1->h_name); + BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); h2=GetHostByName(*host); if (h2 == NULL) diff --git a/apps/s_time.c b/apps/s_time.c index 1ad16cd607..904945e1a8 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -105,7 +105,7 @@ #undef TIMES #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include <sys/timeb.h> #endif @@ -384,6 +384,20 @@ static double tm_Time_F(int s) ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } +#elif defined(OPENSSL_SYS_NETWARE) + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } #elif defined(OPENSSL_SYS_VXWORKS) { static unsigned long tick_start, tick_end; @@ -502,7 +516,7 @@ int MAIN(int argc, char **argv) if (s_www_path != NULL) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) bytes_read+=i; @@ -557,7 +571,7 @@ next: if (s_www_path != NULL) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while (SSL_read(scon,buf,sizeof(buf)) > 0) ; @@ -595,7 +609,7 @@ next: if (s_www_path) { - sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); + BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); SSL_write(scon,buf,strlen(buf)); while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) bytes_read+=i; diff --git a/apps/smime.c b/apps/smime.c index 1d7d828e01..418e03cd66 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -168,6 +168,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-nooldmime")) + flags |= PKCS7_NOOLDMIMETYPE; + else if (!strcmp (*args, "-crlfeol")) + flags |= PKCS7_CRLFEOL; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) diff --git a/apps/speed.c b/apps/speed.c index a634b11729..4c7cdcd009 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -88,7 +88,7 @@ #include <stdio.h> #include <stdlib.h> -#include <signal.h> + #include <string.h> #include <math.h> #include "apps.h" @@ -104,6 +104,10 @@ #include OPENSSL_UNISTD #endif +#ifndef OPENSSL_SYS_NETWARE +#include <signal.h> +#endif + #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) @@ -113,6 +117,12 @@ # define TIMEB #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TIMES +#undef TIMEB +#include <time.h> +#endif + #ifndef _IRIX # include <time.h> #endif @@ -137,7 +147,7 @@ #include <sys/timeb.h> #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -208,11 +218,21 @@ #include <openssl/ecdh.h> #endif +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -226,7 +246,7 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 1 #endif @@ -288,13 +308,39 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 +#if defined(OPENSSL_SYS_NETWARE) + + /* for NetWare the best we can do is use clock() which returns the + * time, in hundredths of a second, since the NLM began executing + */ +static double Time_F(int s) + { + double ret; + + static clock_t tstart,tend; + + if (s == START) + { + tstart=clock(); + return(0); + } + else + { + tend=clock(); + ret=(double)((double)(tend)-(double)(tstart)); + return((ret < 0.001)?0.001:ret); + } + } + +#else + static double Time_F(int s) { double ret; #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -349,7 +395,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -395,6 +442,7 @@ static double Time_F(int s) # endif #endif } +#endif /* if defined(OPENSSL_SYS_NETWARE) */ static const int KDF1_SHA1_len = 20; @@ -928,6 +976,7 @@ int MAIN(int argc, char **argv) { dsa_doit[R_DSA_512]=1; dsa_doit[R_DSA_1024]=1; + dsa_doit[R_DSA_2048]=1; } else #endif @@ -1219,6 +1268,9 @@ int MAIN(int argc, char **argv) c[D_CBC_RC5][0]=count; c[D_CBC_BF][0]=count; c[D_CBC_CAST][0]=count; + c[D_CBC_128_AES][0]=count; + c[D_CBC_192_AES][0]=count; + c[D_CBC_256_AES][0]=count; for (i=1; i<SIZE_NUM; i++) { @@ -1244,6 +1296,9 @@ int MAIN(int argc, char **argv) c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; + c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; + c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; + c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; } #ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; @@ -2079,12 +2134,28 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len, + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); + field_size = EC_GROUP_get_degree(ecdh_a[j]->group); + if (field_size <= 24 * 8) + { + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; + } + else + { + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); - secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len, + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, ecdh_a[j]->pub_key, - ecdh_b[j], KDF1_SHA1); + ecdh_b[j], kdf); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2113,9 +2184,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, KDF1_SHA1_len, + ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); + ecdh_a[j], kdf); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", @@ -2175,7 +2246,10 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", (double)HZ); + { + double dbl = HZ; + printf("HZ=%g", dbl); + } # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif diff --git a/apps/x509.c b/apps/x509.c index ed9e40574a..d30fbbe1e5 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -92,7 +92,9 @@ static char *x509_usage[]={ " -out arg - output file - default stdout\n", " -passin arg - private key password source\n", " -serial - print serial number value\n", -" -hash - print hash value\n", +" -subject_hash - print subject hash value\n", +" -issuer_hash - print issuer hash value\n", +" -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", " -email - print email address(es)\n", @@ -167,8 +169,8 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; - int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; - int ocspid=0; + int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; @@ -379,8 +381,11 @@ int MAIN(int argc, char **argv) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; - else if (strcmp(*argv,"-hash") == 0) - hash= ++num; + else if (strcmp(*argv,"-hash") == 0 + || strcmp(*argv,"-subject_hash") == 0) + subject_hash= ++num; + else if (strcmp(*argv,"-issuer_hash") == 0) + issuer_hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -707,10 +712,14 @@ bad: if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"<No Alias>\n"); } - else if (hash == i) + else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } + else if (issuer_hash == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + } else if (pprint == i) { X509_PURPOSE *ptmp; @@ -1039,24 +1048,26 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create char *buf = NULL, *p; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; + size_t len; - buf=OPENSSL_malloc( ((serialfile == NULL) - ?(strlen(CAfile)+strlen(POSTFIX)+1) - :(strlen(serialfile)))+1); + len = ((serialfile == NULL) + ?(strlen(CAfile)+strlen(POSTFIX)+1) + :(strlen(serialfile)))+1; + buf=OPENSSL_malloc(len); if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } if (serialfile == NULL) { - strcpy(buf,CAfile); + BUF_strlcpy(buf,CAfile,len); for (p=buf; *p; p++) if (*p == '.') { *p='\0'; break; } - strcat(buf,POSTFIX); + BUF_strlcat(buf,POSTFIX,len); } else - strcpy(buf,serialfile); + BUF_strlcpy(buf,serialfile,len); serial = load_serial(buf, create, NULL); if (serial == NULL) goto end; @@ -1094,7 +1105,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; - if (!X509_STORE_add_cert(ctx,x)) goto end; +/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ diff --git a/bugs/SSLv3 b/bugs/SSLv3 index db53e1343a..a75a1652d9 100644 --- a/bugs/SSLv3 +++ b/bugs/SSLv3 @@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when doing a re-connect, always takes the first cipher in the cipher list. If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have it's CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta Netscape browsers do not really notice the server sending a diff --git a/certs/vsign3.pem b/certs/vsign3.pem index aa5bb4c1f3..4b8c0251cb 100644 --- a/certs/vsign3.pem +++ b/certs/vsign3.pem @@ -1,18 +1,17 @@ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority notBefore=Jan 29 00:00:00 1996 GMT -notAfter=Jan 7 23:59:59 2004 GMT +notAfter=Aug 1 23:59:59 2028 GMT -----BEGIN CERTIFICATE----- -MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh -c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 -NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD -VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp -bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo -RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4 -rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN -BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp -STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH -ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ -pA== +MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE +BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is +I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G +CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do +lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc +AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k -----END CERTIFICATE----- @@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "$HPUXVER" in 1[0-9].*) # HPUX 10 and 11 targets are unified - echo "${MACHINE}-hp-hpux10"; exit 0 + echo "${MACHINE}-hp-hpux1x"; exit 0 ;; *) echo "${MACHINE}-hp-hpux"; exit 0 @@ -410,9 +410,10 @@ if [ "$SYSTEM" = "HP-UX" ];then GCC_BITS="32" if [ $GCCVER -ge 30 ]; then # PA64 support only came in with gcc 3.0.x. - # We look for the preprocessor symbol __LP64__ indicating - # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. - if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then + # We check if the preprocessor symbol __LP64__ is defined... + if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then + : # __LP64__ has slipped through, it therefore is not defined + else GCC_BITS="64" fi fi diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 522a162c1e..ed7d176187 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -26,31 +26,33 @@ CFLAGS= $(INCLUDE) $(CFLAG) LIBS= -SDIRS= md2 md5 sha mdc2 hmac ripemd \ +SDIRS= objects \ + md2 md4 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \ - buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) top: @(cd ..; $(MAKE) DIRS=$(DIR) all) -all: buildinf.h lib subdirs shared +all: shared buildinf.h: ../Makefile.ssl ( echo "#ifndef MK1MF_BUILD"; \ @@ -81,11 +83,11 @@ files: done; links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @for i in $(SDIRS); do \ (cd $$i && echo "making links in crypto/$$i..." && \ $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ @@ -96,7 +98,7 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -shared: +shared: buildinf.h lib subdirs if [ -n "$(SHARED_LIBS)" ]; then \ (cd ..; $(MAKE) $(SHARED_LIB)); \ fi @@ -203,6 +205,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c +o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c +o_str.o: o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index 364d05bbfe..f353aeb697 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl @@ -52,7 +52,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 7f4b0e8066..6bc0cf00a9 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -102,7 +102,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 01e965a532..1222a21002 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -86,7 +86,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, for(n=len; n < AES_BLOCK_SIZE; ++n) tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, len); + memcpy(out, tmp, AES_BLOCK_SIZE); memcpy(ivec, tmp, AES_BLOCK_SIZE); } } else { @@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) - out[n] ^= ivec[n]; + out[n] = tmp[n] ^ ivec[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); } } diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 59088499a0..2487d83fb1 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -59,39 +59,44 @@ #include <openssl/aes.h> #include "aes_locl.h" -/* NOTE: CTR mode is big-endian. The rest of the AES code +/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ -/* increment counter (128-bit int) by 2^64 */ +/* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; - /* Grab 3rd dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 8); + /* Grab bottom dword of counter and increment */ + c = GETU32(counter + 12); c++; - PUTU32(counter + 8, c); -#else - c = GETU32(counter + 4); + PUTU32(counter + 12, c); + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 1st dword of counter and increment */ + c = GETU32(counter + 8); c++; - PUTU32(counter + 4, c); -#endif + PUTU32(counter + 8, c); /* if no overflow, we're done */ if (c) return; - /* Grab top dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 12); + /* Grab 2nd dword of counter and increment */ + c = GETU32(counter + 4); c++; - PUTU32(counter + 12, c); -#else + PUTU32(counter + 4, c); + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab top dword of counter and increment */ c = GETU32(counter + 0); c++; PUTU32(counter + 0, c); -#endif - } /* The input encrypted as though 128bit counter mode is being @@ -100,10 +105,16 @@ static void AES_ctr128_inc(unsigned char *counter) { * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { @@ -117,8 +128,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, while (l--) { if (n == 0) { - AES_encrypt(counter, ecount_buf, key); - AES_ctr128_inc(counter); + AES_encrypt(ivec, ecount_buf, key); + AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index cd4a7e1335..74a90b2fa8 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -77,7 +77,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 68a525fb12..d9db53f01d 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -67,12 +67,13 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_ENUMERATED; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -116,7 +117,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) else if (i != V_ASN1_ENUMERATED) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index cd09f68b38..1aba86d0db 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, char *p; struct tm *ts; struct tm data; + size_t len = 20; if (s == NULL) s=M_ASN1_GENERALIZEDTIME_new(); @@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, return(NULL); p=(char *)s->data; - if ((p == NULL) || (s->length < 16)) + if ((p == NULL) || (s->length < len)) { - p=OPENSSL_malloc(20); + p=OPENSSL_malloc(len); if (p == NULL) return(NULL); if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; } - sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); s->length=strlen(p); s->type=V_ASN1_GENERALIZEDTIME; #ifdef CHARSET_EBCDIC_not diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 78402cd985..4bb300c20b 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -313,12 +313,13 @@ err: int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) { - int i,j,k; + int j,k; + unsigned int i; unsigned char buf[sizeof(long)+1]; long d; a->type=V_ASN1_INTEGER; - if (a->length < (sizeof(long)+1)) + if (a->length < (int)(sizeof(long)+1)) { if (a->data != NULL) OPENSSL_free(a->data); @@ -362,7 +363,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) else if (i != V_ASN1_INTEGER) return -1; - if (a->length > sizeof(long)) + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ return(0xffffffffL); diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 5d981c6553..208b3ec395 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); - sprintf(strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); - sprintf(strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { - long *outlen; + int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 0a8e6c287c..124451d7a6 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -184,7 +184,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); i=i2t_ASN1_OBJECT(buf,sizeof buf,a); - if (i > sizeof buf) i=sizeof buf; + if (i > (int)sizeof(buf)) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 1def6c6549..bde666a6ff 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -279,13 +279,13 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static char tag2nbyte[] = { +const static signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ -1, -1, -1, -1, /* 15-17 */ -1, 1, 1, /* 18-20 */ - -1, 1, -1,-1, /* 21-24 */ + -1, 1, 1, 1, /* 21-24 */ -1, 1, -1, /* 25-27 */ 4, -1, 2 /* 28-30 */ }; diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index aa49e9d7d0..613bbc4a7d 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, /* Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC2459 */ +/* size limits: this stuff is taken straight from RFC3280 */ #define ub_name 32768 #define ub_common_name 64 @@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_organization_unit_name 64 #define ub_title 64 #define ub_email_address 128 +#define ub_serial_number 64 + /* This table must be kept in NID order */ @@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 7348da9457..159681fbcb 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -128,6 +128,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE { ASN1_GENERALIZEDTIME *ret; char *str; + int newlen; if (!ASN1_TIME_check(t)) return NULL; @@ -150,12 +151,14 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) return NULL; + /* ASN1_STRING_set() allocated 'len + 1' bytes. */ + newlen = t->length + 2 + 1; str = (char *)ret->data; /* Work out the century and prepend */ - if (t->data[0] >= '5') strcpy(str, "19"); - else strcpy(str, "20"); + if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); + else BUF_strlcpy(str, "20", newlen); - BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */ + BUF_strlcat(str, (char *)t->data, newlen); return ret; } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index dbb4a42c9d..6bc609a905 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) char *p; struct tm *ts; struct tm data; + size_t len = 20; if (s == NULL) s=M_ASN1_UTCTIME_new(); @@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) return(NULL); p=(char *)s->data; - if ((p == NULL) || (s->length < 14)) + if ((p == NULL) || (s->length < len)) { - p=OPENSSL_malloc(20); + p=OPENSSL_malloc(len); if (p == NULL) return(NULL); if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; } - sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); + BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, + ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); s->length=strlen(p); s->type=V_ASN1_UTCTIME; #ifdef CHARSET_EBCDIC_not diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 790e7b967b..a9ba2d6e9b 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -132,7 +132,7 @@ extern "C" { #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 #define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_TELETEXSTRING 0x0004 #define B_ASN1_VIDEOTEXSTRING 0x0008 #define B_ASN1_IA5STRING 0x0010 #define B_ASN1_GRAPHICSTRING 0x0020 diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c035cc0f5d..277726cd50 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -544,7 +544,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons static int asn1_str2tag(const char *tagstr, int len) { - int i; + unsigned int i; static struct tag_name_st *tntmp, tnst [] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 3f7b3aad2a..b720bccac7 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; + if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; + if (--max == 0) goto err; } else { @@ -143,7 +145,7 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) { unsigned char *p= *pp; unsigned long ret=0; - int i; + unsigned int i; if (max-- < 1) return(0); if (*p == 0x80) @@ -421,8 +423,8 @@ void asn1_add_error(unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; - sprintf(buf1,"%lu",(unsigned long)address); - sprintf(buf2,"%d",offset); + BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); + BIO_snprintf(buf2,sizeof buf2,"%d",offset); ERR_add_error_data(4,"address=",buf1," offset=",buf2); } diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index d64edbd797..bd8de1e8d4 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p=str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - sprintf(str,"priv [ %d ] ",tag); + BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - sprintf(str,"cont [ %d ]",tag); + BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - sprintf(str,"appl [ %d ]",tag); + BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); else p = ASN1_tag2str(tag); if (p2 != NULL) diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index c1a4bea8f1..6cfa2dd50c 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -839,7 +839,6 @@ typedef struct ASN1_AUX_st { DECLARE_ASN1_ITEM(ASN1_BOOLEAN) DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_ANY) DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DECLARE_ASN1_ITEM(CBIGNUM) DECLARE_ASN1_ITEM(BIGNUM) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 4c2bd4e5c8..d0fd732098 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -103,8 +103,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa), - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), + (const unsigned char **)pp,length)) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); goto err; @@ -113,8 +113,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = o2i_ECPublicKey(&(ret->pkey.eckey), - (const unsigned char **)pp, length)) == NULL) + if (!o2i_ECPublicKey(&(ret->pkey.eckey), + (const unsigned char **)pp, length)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 06e85f3b4c..86bd2e04e4 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -150,9 +150,9 @@ int RSA_print(BIO *bp, const RSA *x, int off) } if (x->d == NULL) - sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); + BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); else - strcpy(str,"modulus:"); + BUF_strlcpy(str,"modulus:",sizeof str); if (!print(bp,str,x->n,m,off)) goto err; s=(x->d == NULL)?"Exponent:":"publicExponent:"; if (!print(bp,s,x->e,m,off)) goto err; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 75bbafacd7..e5774fef44 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -692,6 +692,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; @@ -706,6 +707,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); + opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { @@ -797,7 +799,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: - if(!ret) ASN1_TYPE_free(typ); + if(!ret) + { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index c04b192794..4b5953c0fd 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -104,7 +104,12 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A long ltmp; unsigned long utmp; int clen, pad, i; - ltmp = *(long *)pval; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + if(ltmp == it->size) return -1; /* Convert the long to positive: we subtract one if negative so * we can cleanly handle the padding if only the MSB of the leading @@ -136,7 +141,8 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, int neg, i; long ltmp; unsigned long utmp = 0; - if(len > sizeof(long)) { + char *cp = (char *)pval; + if(len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } @@ -158,6 +164,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - *(long *)pval = ltmp; + memcpy(cp, <mp, sizeof(long)); return 1; } diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index c32a6eaa49..01698dd217 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -323,7 +323,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) p=key->public_key->data; j=key->public_key->length; - if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL) + if (!d2i_PublicKey(type, &ret, &p, (long)j)) { X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); goto err; diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl index bb14a0ee82..be3ad77a05 100644 --- a/crypto/bf/Makefile.ssl +++ b/crypto/bf/Makefile.ssl @@ -22,6 +22,7 @@ BF_ENC= bf_enc.o #DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bftest.c @@ -67,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bf/bf_opts.c b/crypto/bf/bf_opts.c index 171dada2ca..1721bb99b4 100644 --- a/crypto/bf/bf_opts.c +++ b/crypto/bf/bf_opts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c index f346af64f3..c41ef3b403 100644 --- a/crypto/bf/bfspeed.c +++ b/crypto/bf/bfspeed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 14bc4d7c8b..97e6634d37 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -278,6 +278,9 @@ int main(int argc, char *argv[]) else ret=test(); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(0); } diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl index 141a03ae1d..d0b9e297b0 100644 --- a/crypto/bio/Makefile.ssl +++ b/crypto/bio/Makefile.ssl @@ -57,7 +57,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 8397cfab6a..76fee2db4f 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -77,15 +77,15 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) { int ret=0; char buf[288+1],tmp[20],str[128+1]; - int i,j,rows,trunc; + int i,j,rows,trc; unsigned char ch; int dump_width; - trunc=0; + trc=0; #ifdef TRUNCATE for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; + trc++; #endif if (indent < 0) @@ -104,47 +104,51 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) for(i=0;i<rows;i++) { buf[0]='\0'; /* start with empty string */ - strcpy(buf,str); - sprintf(tmp,"%04x - ",i*dump_width); - strcat(buf,tmp); + BUF_strlcpy(buf,str,sizeof buf); + BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width); + BUF_strlcat(buf,tmp,sizeof buf); for(j=0;j<dump_width;j++) { if (((i*dump_width)+j)>=len) { - strcat(buf," "); + BUF_strlcat(buf," ",sizeof buf); } else { ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; - sprintf(tmp,"%02x%c",ch,j==7?'-':' '); - strcat(buf,tmp); + BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, + j==7?'-':' '); + BUF_strlcat(buf,tmp,sizeof buf); } } - strcat(buf," "); + BUF_strlcat(buf," ",sizeof buf); for(j=0;j<dump_width;j++) { if (((i*dump_width)+j)>=len) break; ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; #ifndef CHARSET_EBCDIC - sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); + BIO_snprintf(tmp,sizeof tmp,"%c", + ((ch>=' ')&&(ch<='~'))?ch:'.'); #else - sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) - ? os_toebcdic[ch] - : '.'); + BIO_snprintf(tmp,sizeof tmp,"%c", + ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) + ? os_toebcdic[ch] + : '.'); #endif - strcat(buf,tmp); + BUF_strlcat(buf,tmp,sizeof buf); } - strcat(buf,"\n"); + BUF_strlcat(buf,"\n",sizeof buf); /* if this is the last call then update the ddt_dump thing so that * we will move the selection point in the debug window */ ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #ifdef TRUNCATE - if (trunc > 0) + if (trc > 0) { - sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); + BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, + len+trc); ret+=BIO_write(bio,(char *)buf,strlen(buf)); } #endif diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index a9e552f245..960a049bca 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -513,8 +513,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < sizeof convert)); - if (place == sizeof convert) + } while (uvalue && (place < (int)sizeof(convert))); + if (place == sizeof(convert)) place--; convert[place] = 0; @@ -576,12 +576,12 @@ abs_val(LDOUBLE value) } static LDOUBLE -pow10(int exp) +pow10(int in_exp) { LDOUBLE result = 1; - while (exp) { + while (in_exp) { result *= 10; - exp--; + in_exp--; } return result; } @@ -643,7 +643,7 @@ fmtfp( if (fracpart >= pow10(max)) { intpart++; - fracpart -= (long)pow10(max); + fracpart -= pow10(max); } /* convert integer part */ @@ -652,8 +652,8 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < sizeof iplace)); - if (iplace == sizeof iplace) + } while (intpart && (iplace < (int)sizeof(iconvert))); + if (iplace == sizeof iconvert) iplace--; iconvert[iplace] = 0; @@ -664,7 +664,7 @@ fmtfp( : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == sizeof fplace) + if (fplace == sizeof fconvert) fplace--; fconvert[fplace] = 0; @@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) * had the buffer been large enough.) */ return -1; else - return (retlen <= INT_MAX) ? retlen : -1; + return (retlen <= INT_MAX) ? (int)retlen : -1; } diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index cb7b07dff1..c964e40c54 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -79,7 +79,7 @@ #define MAX_LISTEN 32 #endif -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) static int wsa_init_done=0; #endif @@ -501,6 +501,31 @@ int BIO_sock_init(void) if (sock_init()) return (-1); #endif + +#if defined(OPENSSL_SYS_NETWARE) + WORD wVerReq; + WSADATA wsaData; + int err; + + if (!wsa_init_done) + { + +# ifdef SIGINT + signal(SIGINT,(void (*)(int))BIO_sock_cleanup); +# endif + + wsa_init_done=1; + wVerReq = MAKEWORD( 2, 0 ); + err = WSAStartup(wVerReq,&wsaData); + if (err != 0) + { + SYSerr(SYS_F_WSASTARTUP,err); + BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); + return(-1); + } + } +#endif + return(1); } @@ -515,6 +540,12 @@ void BIO_sock_cleanup(void) #endif WSACleanup(); } +#elif defined(OPENSSL_SYS_NETWARE) + if (wsa_init_done) + { + wsa_init_done=0; + WSACleanup(); + } #endif } @@ -741,12 +772,12 @@ int BIO_accept(int sock, char **addr) } *addr=p; } - sprintf(*addr,"%d.%d.%d.%d:%d", - (unsigned char)(l>>24L)&0xff, - (unsigned char)(l>>16L)&0xff, - (unsigned char)(l>> 8L)&0xff, - (unsigned char)(l )&0xff, - port); + BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d", + (unsigned char)(l>>24L)&0xff, + (unsigned char)(l>>16L)&0xff, + (unsigned char)(l>> 8L)&0xff, + (unsigned char)(l )&0xff, + port); end: return(ret); } diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 1cecd70579..c1fd75aaad 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size) if (i <= 0) { BIO_copy_next_retry(b); + *buf='\0'; if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 0ffa4d2136..6f4254a114 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -70,55 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, MS_STATIC char buf[256]; char *p; long r=1; + size_t p_maxlen; if (BIO_CB_RETURN & cmd) r=ret; - sprintf(buf,"BIO[%08lX]:",(unsigned long)bio); + BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); p= &(buf[14]); + p_maxlen = sizeof buf - 14; switch (cmd) { case BIO_CB_FREE: - sprintf(p,"Free - %s\n",bio->method->name); + BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", + bio->num,argi,bio->method->name,bio->num); else - sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", + bio->num,argi,bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", + bio->num,argi,bio->method->name,bio->num); else - sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", + bio->num,argi,bio->method->name); break; case BIO_CB_PUTS: - sprintf(p,"puts() - %s\n",bio->method->name); + BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); break; case BIO_CB_GETS: - sprintf(p,"gets(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); break; case BIO_CB_CTRL: - sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); break; case BIO_CB_RETURN|BIO_CB_READ: - sprintf(p,"read return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_WRITE: - sprintf(p,"write return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"write return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_GETS: - sprintf(p,"gets return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_PUTS: - sprintf(p,"puts return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret); break; case BIO_CB_RETURN|BIO_CB_CTRL: - sprintf(p,"ctrl return %ld\n",ret); + BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret); break; default: - sprintf(p,"bio callback - unknown type (%d)\n",cmd); + BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); break; } diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index aa58dab046..0f9f0955b4 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -1,4 +1,57 @@ /* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Special method for a BIO where the other endpoint is also a BIO * of this kind, handled by the same thread (i.e. the "peer" is actually @@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_C_DESTROY_BIO_PAIR: - /* Effects both BIOs in the pair -- call just once! + /* Affects both BIOs in the pair -- call just once! * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ bio_destroy_pair(bio); ret = 1; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index d5c3f40da0..f25cfab445 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -587,8 +587,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) char buf[16]; unsigned char *p = ptr; - sprintf(buf,"%d.%d.%d.%d", - p[0],p[1],p[2],p[3]); + BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d", + p[0],p[1],p[2],p[3]); if (data->param_hostname != NULL) OPENSSL_free(data->param_hostname); data->param_hostname=BUF_strdup(buf); @@ -598,7 +598,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) { char buf[DECIMAL_SIZE(int)+1]; - sprintf(buf,"%d",*(int *)ptr); + BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr); if (data->param_port != NULL) OPENSSL_free(data->param_port); data->param_port=BUF_strdup(buf); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a66600c1a3..f36bec2864 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -213,12 +213,36 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num&BIO_CLOSE; b->ptr=(char *)ptr; b->init=1; -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) + if (num & BIO_FP_TEXT) + _setmode(fd,_O_TEXT); + else + _setmode(fd,_O_BINARY); +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) + /* Under CLib there are differences in file modes + */ + if (num & BIO_FP_TEXT) + _setmode(fileno((FILE *)ptr),O_TEXT); + else + _setmode(fileno((FILE *)ptr),O_BINARY); +#elif defined(OPENSSL_SYS_MSDOS) + { + int fd = fileno((FILE*)ptr); /* Set correct text/binary mode */ if (num & BIO_FP_TEXT) - _setmode(fileno((FILE *)ptr),_O_TEXT); + _setmode(fd,_O_TEXT); + /* Dangerous to set stdin/stdout to raw (unless redirected) */ else - _setmode(fileno((FILE *)ptr),_O_BINARY); + { + if (fd == STDIN_FILENO || fd == STDOUT_FILENO) + { + if (isatty(fd) <= 0) + _setmode(fd,_O_BINARY); + } + else + _setmode(fd,_O_BINARY); + } + } #elif defined(OPENSSL_SYS_OS2) if (num & BIO_FP_TEXT) setmode(fileno((FILE *)ptr), O_TEXT); @@ -232,15 +256,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - strcpy(p,"a+"); - else strcpy(p,"a"); + BUF_strlcpy(p,"a+",sizeof p); + else BUF_strlcpy(p,"a",sizeof p); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - strcpy(p,"r+"); + BUF_strlcpy(p,"r+",sizeof p); else if (num & BIO_FP_WRITE) - strcpy(p,"w"); + BUF_strlcpy(p,"w",sizeof p); else if (num & BIO_FP_READ) - strcpy(p,"r"); + BUF_strlcpy(p,"r",sizeof p); else { BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); @@ -253,7 +277,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else strcat(p,"t"); #endif - fp=fopen(ptr,p); +#if defined(OPENSSL_SYS_NETWARE) + if (!(num & BIO_FP_TEXT)) + strcat(p,"b"); + else + strcat(p,"t"); +#endif +fp=fopen(ptr,p); if (fp == NULL) { SYSerr(SYS_F_FOPEN,get_last_sys_error()); diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index ed7a63bfbb..5a5de26c9b 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -79,6 +79,8 @@ # include <starlet.h> #elif defined(__ultrix) # include <sys/syslog.h> +#elif defined(OPENSSL_SYS_NETWARE) +# define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include <syslog.h> #endif diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 946a7be8e0..a21358bc88 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -321,7 +321,7 @@ int BIO_sock_non_fatal_error(int err) { switch (err) { -#if defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index c109411d4b..450f8ad585 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -22,6 +22,7 @@ BN_ASM= bn_asm.o #BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bntest.c exptest.c @@ -125,7 +126,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d7a5fce6ea..f58d5f55a0 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -81,6 +81,22 @@ extern "C" { #endif +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + * BN_STRICT - disables anything (not already caught by BN_DEBUG) that uses the + * old ambiguity over zero representation. At some point, this behaviour should + * become standard. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ +/* #define BN_STRICT */ + #ifdef OPENSSL_SYS_VMS #undef BN_LLONG /* experimental, so far... */ #endif @@ -238,7 +254,9 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 +#ifndef OPENSSL_NO_DEPRECATED #define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif #define BN_set_flags(b,n) ((b)->flags|=(n)) #define BN_get_flags(b,n) ((b)->flags&(n)) @@ -341,12 +359,16 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word does not work reliably for w == 0 */ -#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#ifdef BN_STRICT +#define BN_is_zero(a) ((a)->top == 0) +#else +#define BN_is_zero(a) BN_abs_is_word(a,0) +#endif #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ - BN_is_zero((a))) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) #define BN_one(a) (BN_set_word((a),1)) @@ -363,7 +385,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); const BIGNUM *BN_value_one(void); char * BN_options(void); BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *c); +#endif void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); @@ -588,7 +612,85 @@ const BIGNUM *BN_get0_nist_prime_521(void); BIGNUM *bn_expand2(BIGNUM *a, int words); BIGNUM *bn_dup_expand(const BIGNUM *a, int words); -#define bn_fix_top(a) \ +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include <assert.h> + +#ifdef BN_DEBUG_RAND +/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +#ifndef RAND_pseudo_bytes +int RAND_pseudo_bytes(unsigned char *buf,int num); +#define BN_DEBUG_TRIX +#endif +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + RAND_pseudo_bytes(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#ifdef BN_DEBUG_TRIX +#undef RAND_pseudo_bytes +#endif +#else +#define bn_pollute(a) +#endif +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } while(0) + +#define bn_fix_top(a) bn_check_top(a) + +#else /* !BN_DEBUG */ + +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) + +#endif + +#define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ if ((a)->top > 0) \ @@ -596,6 +698,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ if (*(ftl--)) break; \ } \ + bn_pollute(a); \ } BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 6cba07e9f6..9405163706 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -64,7 +64,7 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { const BIGNUM *tmp; - int a_neg = a->neg; + int a_neg = a->neg, ret; bn_check_top(a); bn_check_top(b); @@ -95,20 +95,17 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) return(1); } - if (!BN_uadd(r,a,b)) return(0); - if (a_neg) /* both are neg */ - r->neg=1; - else - r->neg=0; - return(1); + ret = BN_uadd(r,a,b); + r->neg = a_neg; + bn_check_top(r); + return ret; } -/* unsigned add of b to a, r must be large enough */ +/* unsigned add of b to a */ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - register int i; - int max,min; - BN_ULONG *ap,*bp,*rp,carry,t1; + int max,min,dif; + BN_ULONG *ap,*bp,*rp,carry,t1,t2; const BIGNUM *tmp; bn_check_top(a); @@ -116,11 +113,12 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { tmp=a; a=b; b=tmp; } - max=a->top; - min=b->top; + max = a->top; + min = b->top; + dif = max - min; if (bn_wexpand(r,max+1) == NULL) - return(0); + return 0; r->top=max; @@ -128,46 +126,46 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) ap=a->d; bp=b->d; rp=r->d; - carry=0; carry=bn_add_words(rp,ap,bp,min); rp+=min; ap+=min; bp+=min; - i=min; if (carry) { - while (i < max) + while (dif) { - i++; - t1= *(ap++); - if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) + dif--; + t1 = *(ap++); + t2 = (t1+1) & BN_MASK2; + *(rp++) = t2; + if (t2) { carry=0; break; } } - if ((i >= max) && carry) + if (carry) { - *(rp++)=1; + /* carry != 0 => dif == 0 */ + *rp = 1; r->top++; } } - if (rp != ap) - { - for (; i<max; i++) - *(rp++)= *(ap++); - } - /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ + if (dif && rp != ap) + while (dif--) + /* copy remaining words if ap != rp */ + *(rp++) = *(ap++); r->neg = 0; - return(1); + bn_check_top(r); + return 1; } /* unsigned subtraction of b from a, a must be larger than b. */ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - int max,min; + int max,min,dif; register BN_ULONG t1,t2,*ap,*bp,*rp; int i,carry; #if defined(IRIX_CC_BUG) && !defined(LINT) @@ -177,14 +175,16 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - if (a->top < b->top) /* hmm... should not be happening */ + max = a->top; + min = b->top; + dif = max - min; + + if (dif < 0) /* hmm... should not be happening */ { BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); return(0); } - max=a->top; - min=b->top; if (bn_wexpand(r,max) == NULL) return(0); ap=a->d; @@ -193,7 +193,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) #if 1 carry=0; - for (i=0; i<min; i++) + for (i = min; i != 0; i--) { t1= *(ap++); t2= *(bp++); @@ -217,17 +217,20 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) ap+=min; bp+=min; rp+=min; - i=min; #endif if (carry) /* subtracted */ { - while (i < max) + if (!dif) + /* error: a < b */ + return 0; + while (dif) { - i++; - t1= *(ap++); - t2=(t1-1)&BN_MASK2; - *(rp++)=t2; - if (t1 > t2) break; + dif--; + t1 = *(ap++); + t2 = (t1-1)&BN_MASK2; + *(rp++) = t2; + if (t1) + break; } } #if 0 @@ -237,13 +240,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { for (;;) { - if (i++ >= max) break; + if (!dif--) break; rp[0]=ap[0]; - if (i++ >= max) break; + if (!dif--) break; rp[1]=ap[1]; - if (i++ >= max) break; + if (!dif--) break; rp[2]=ap[2]; - if (i++ >= max) break; + if (!dif--) break; rp[3]=ap[3]; rp+=4; ap+=4; @@ -253,7 +256,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) r->top=max; r->neg=0; - bn_fix_top(r); + bn_correct_top(r); return(1); } @@ -304,6 +307,7 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (!BN_usub(r,a,b)) return(0); r->neg=0; } + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 2d287e6d1b..011d37f1ff 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -139,6 +139,7 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_update(b,ctx)) return(0); } + bn_check_top(n); return(ret); } diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 7daf19eb84..7b5be7c435 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -54,9 +54,10 @@ * */ -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +#ifndef NDEBUG +#define NDEBUG +#endif #endif #include <stdio.h> @@ -65,6 +66,37 @@ #include "cryptlib.h" #include "bn_lcl.h" +/* BN_CTX structure details */ +#define BN_CTX_NUM 32 +#define BN_CTX_NUM_POS 12 +struct bignum_ctx + { + int tos; + BIGNUM bn[BN_CTX_NUM]; + int flags; + int depth; + int pos[BN_CTX_NUM_POS]; + int too_many; + }; + +#ifndef OPENSSL_NO_DEPRECATED +void BN_CTX_init(BN_CTX *ctx) +#else +static void BN_CTX_init(BN_CTX *ctx) +#endif + { +#if 0 /* explicit version */ + int i; + ctx->tos = 0; + ctx->flags = 0; + ctx->depth = 0; + ctx->too_many = 0; + for (i = 0; i < BN_CTX_NUM; i++) + BN_init(&(ctx->bn[i])); +#else + memset(ctx, 0, sizeof *ctx); +#endif + } BN_CTX *BN_CTX_new(void) { @@ -82,21 +114,6 @@ BN_CTX *BN_CTX_new(void) return(ret); } -void BN_CTX_init(BN_CTX *ctx) - { -#if 0 /* explicit version */ - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; - ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); -#else - memset(ctx, 0, sizeof *ctx); -#endif - } - void BN_CTX_free(BN_CTX *ctx) { int i; @@ -104,8 +121,10 @@ void BN_CTX_free(BN_CTX *ctx) if (ctx == NULL) return; assert(ctx->depth == 0); - for (i=0; i < BN_CTX_NUM; i++) + for (i=0; i < BN_CTX_NUM; i++) { + bn_check_top(&(ctx->bn[i])); BN_clear_free(&(ctx->bn[i])); + } if (ctx->flags & BN_FLG_MALLOCED) OPENSSL_free(ctx); } @@ -135,6 +154,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) } return NULL; } + bn_check_top(&(ctx->bn[ctx->tos])); return (&(ctx->bn[ctx->tos++])); } @@ -150,6 +170,19 @@ void BN_CTX_end(BN_CTX *ctx) ctx->too_many = 0; ctx->depth--; + /* It appears some "scrapbook" uses of BN_CTX result in BIGNUMs being + * left in an inconsistent state when they are released (eg. BN_div). + * These can trip us up when they get reused, so the safest fix is to + * make sure the BIGNUMs are made sane when the context usage is + * releasing them. */ if (ctx->depth < BN_CTX_NUM_POS) +#if 0 ctx->tos = ctx->pos[ctx->depth]; +#else + { + while(ctx->tos > ctx->pos[ctx->depth]) + /* This ensures the BIGNUM is sane(r) for reuse. */ + ctx->bn[--(ctx->tos)].top = 0; + } +#endif } diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 35e9127288..27535e4fca 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -62,6 +62,9 @@ #include "bn_lcl.h" #include <openssl/rand.h> +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) @@ -106,3 +109,4 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, return BN_is_prime_fasttest_ex(a, checks, ctx_passed, do_trial_division, &cb); } +#endif diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 580d1201bc..2f464b31d1 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -179,12 +179,16 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift,i,j,loop; + int norm_shift,i,loop; BIGNUM *tmp,wnum,*snum,*sdiv,*res; BN_ULONG *resp,*wnump; BN_ULONG d0,d1; int num_n,div_n; + if (dv) + bn_check_top(dv); + if (rm) + bn_check_top(rm); bn_check_top(num); bn_check_top(divisor); @@ -222,17 +226,19 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, div_n=sdiv->top; num_n=snum->top; loop=num_n-div_n; - /* Lets setup a 'window' into snum * This is the part that corresponds to the current * 'area' being divided */ - BN_init(&wnum); - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.dmax= snum->dmax+1; /* a bit of a lie */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; +#ifdef BN_DEBUG_RAND + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +#endif /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ + /* div_n=sdiv->top; */ d0=sdiv->d[div_n-1]; d1=(div_n == 1)?0:sdiv->d[div_n-2]; @@ -250,19 +256,30 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (BN_ucmp(&wnum,sdiv) >= 0) { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; +#ifdef BN_DEBUG_RAND + /* If BN_DEBUG_RAND is defined BN_ucmp changes (via + * bn_pollute) the const bignum arguments => + * clean the values between top and max again */ + bn_clear_top2max(&wnum); +#endif + bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); *resp=1; - res->d[res->top-1]=1; } else res->top--; + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ if (res->top == 0) res->neg = 0; - resp--; + else + resp--; - for (i=0; i<loop-1; i++) + for (i=0; i<loop-1; i++, wnump--, resp--) { BN_ULONG q,l0; + /* the first part of the loop uses the top two words of + * snum and sdiv to calculate a BN_ULONG q such that + * | wnum - sdiv * q | < sdiv */ #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); q=bn_div_3_words(wnump,d1,d0); @@ -346,26 +363,26 @@ X) -> 0x%08X\n", #endif /* !BN_DIV3W */ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); - wnum.d--; wnum.top++; tmp->d[div_n]=l0; - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - if (!BN_sub(&wnum,&wnum,tmp)) goto err; - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ q--; - j=wnum.top; - if (!BN_add(&wnum,&wnum,sdiv)) goto err; - snum->top+=wnum.top-j; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; } - *(resp--)=q; - wnump--; + /* store part of the result */ + *resp = q; } if (rm != NULL) { @@ -373,13 +390,17 @@ X) -> 0x%08X\n", * BN_rshift() will overwrite it. */ int neg = num->neg; + bn_correct_top(snum); BN_rshift(rm,snum,norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; + bn_check_top(rm); } BN_CTX_end(ctx); return(1); err: + if (rm) + bn_check_top(rm); BN_CTX_end(ctx); return(0); } diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index afdfd580fb..aef77cb792 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -147,6 +147,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) err: if (r != rr) BN_copy(r,rr); BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -221,6 +222,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, { ret=BN_mod_exp_simple(r,a,p,m,ctx); } #endif + bn_check_top(r); return(ret); } @@ -347,6 +349,7 @@ err: for (i=0; i<ts; i++) BN_clear_free(&(val[i])); BN_RECP_CTX_free(&recp); + bn_check_top(r); return(ret); } @@ -358,6 +361,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int start=1,ts=0; BIGNUM *d,*r; const BIGNUM *aa; + /* TODO: BN_CTX??? */ BIGNUM val[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; @@ -365,7 +369,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - if (!(m->d[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -490,6 +494,7 @@ err: BN_CTX_end(ctx); for (i=0; i<ts; i++) BN_clear_free(&(val[i])); + bn_check_top(rr); return(ret); } @@ -520,7 +525,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - if (m->top == 0 || !(m->d[0] & 1)) + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); return(0); @@ -630,18 +635,19 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); + bn_check_top(rr); return(ret); } /* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) { int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; int start=1; BIGNUM *d; + /* TODO: BN_CTX?? */ BIGNUM val[TABLE_SIZE]; bits=BN_num_bits(p); @@ -742,6 +748,7 @@ err: BN_CTX_end(ctx); for (i=0; i<ts; i++) BN_clear_free(&(val[i])); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 73ccd58a83..979ceeffce 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -123,6 +123,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, int r_is_one=1,ts1=0,ts2=0; BIGNUM *d,*r; const BIGNUM *a_mod_m; + /* TODO: BN_CTX??? */ BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; BN_MONT_CTX *mont=NULL; @@ -309,5 +310,6 @@ err: BN_clear_free(&(val1[i])); for (i=0; i<ts2; i++) BN_clear_free(&(val2[i])); + bn_check_top(rr); return(ret); } diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 7649f63fd2..0248753f6d 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -140,6 +140,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) ret=1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -194,6 +195,7 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) { if (!BN_lshift(a,a,shifts)) goto err; } + bn_check_top(a); return(a); err: return(NULL); @@ -486,5 +488,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, err: if ((ret == NULL) && (in == NULL)) BN_free(R); BN_CTX_end(ctx); + if (ret) + bn_check_top(ret); return(ret); } diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 6edd8ab22b..fb3a8a9c77 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -288,6 +288,9 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) int i; const BIGNUM *at, *bt; + bn_check_top(a); + bn_check_top(b); + if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } @@ -303,7 +306,7 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) } r->top = at->top; - bn_fix_top(r); + bn_correct_top(r); return 1; } @@ -322,9 +325,15 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) int j, k; int n, dN, d0, d1; BN_ULONG zz, *z; - - /* Since the algorithm does reduction in the r value, if a != r, copy the - * contents of a into r so we can do reduction in r. + + bn_check_top(a); + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + + /* Since the algorithm does reduction in the r value, if a != r, copy + * the contents of a into r so we can do reduction in r. */ if (a != r) { @@ -345,7 +354,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (z[j] == 0) { j--; continue; } z[j] = 0; - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { /* reducing component t^p[k] */ n = p[0] - p[k]; @@ -375,7 +384,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ z[0] ^= zz; /* reduction t^0 component */ - for (k = 1; p[k] > 0; k++) + for (k = 1; p[k] != 0; k++) { BN_ULONG tmp_ulong; @@ -392,8 +401,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) } - bn_fix_top(r); - + bn_correct_top(r); return 1; } @@ -405,16 +413,21 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) */ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_arr(r, a, arr); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } @@ -428,12 +441,14 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig int zlen, i, j, k, ret = 0; BIGNUM *s; BN_ULONG x1, x0, y1, y0, zz[4]; - + + bn_check_top(a); + bn_check_top(b); + if (a == b) { return BN_GF2m_mod_sqr_arr(r, a, p, ctx); } - BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) goto err; @@ -457,14 +472,14 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } - bn_fix_top(s); - BN_GF2m_mod_arr(r, s, p); - ret = 1; + bn_correct_top(s); + if (BN_GF2m_mod_arr(r, s, p)) + ret = 1; + bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; - } /* Compute the product of two polynomials a and b, reduce modulo p, and store @@ -476,16 +491,22 @@ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig */ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } @@ -496,7 +517,8 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C { int i, ret = 0; BIGNUM *s; - + + bn_check_top(a); BN_CTX_start(ctx); if ((s = BN_CTX_get(ctx)) == NULL) return 0; if (!bn_wexpand(s, 2 * a->top)) goto err; @@ -508,10 +530,11 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C } s->top = 2 * a->top; - bn_fix_top(s); + bn_correct_top(s); if (!BN_GF2m_mod_arr(r, s, p)) goto err; + bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -524,16 +547,22 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_C */ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; + + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } @@ -549,6 +578,9 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BIGNUM *b, *c, *u, *v, *tmp; int ret = 0; + bn_check_top(a); + bn_check_top(p); + BN_CTX_start(ctx); b = BN_CTX_get(ctx); @@ -562,10 +594,6 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_GF2m_mod(u, a, p)) goto err; if (!BN_copy(v, p)) goto err; - u->neg = 0; /* Need to set u->neg = 0 because BN_is_one(u) checks - * the neg flag of the bignum. - */ - if (BN_is_zero(u)) goto err; while (1) @@ -580,7 +608,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_rshift1(b, b)) goto err; } - if (BN_is_one(u)) break; + if (BN_abs_is_word(u, 1)) break; if (BN_num_bits(u) < BN_num_bits(v)) { @@ -594,9 +622,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_copy(r, b)) goto err; + bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -612,13 +641,15 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_ BIGNUM *field; int ret = 0; + bn_check_top(xx); BN_CTX_start(ctx); if ((field = BN_CTX_get(ctx)) == NULL) goto err; if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_inv(r, xx, field, ctx); + bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -632,16 +663,21 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p { BIGNUM *xinv = NULL; int ret = 0; - + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + BN_CTX_start(ctx); xinv = BN_CTX_get(ctx); if (xinv == NULL) goto err; if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; + bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -657,6 +693,10 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p BIGNUM *a, *b, *u, *v; int ret = 0; + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + BN_CTX_start(ctx); a = BN_CTX_get(ctx); @@ -671,10 +711,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_copy(b, p)) goto err; if (!BN_zero(v)) goto err; - a->neg = 0; /* Need to set a->neg = 0 because BN_is_one(a) checks - * the neg flag of the bignum. - */ - while (!BN_is_odd(a)) { if (!BN_rshift1(a, a)) goto err; @@ -695,7 +731,7 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p if (!BN_rshift1(v, v)) goto err; } while (!BN_is_odd(b)); } - else if (BN_is_one(a)) + else if (BN_abs_is_word(a, 1)) break; else { @@ -711,9 +747,10 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p } while (1); if (!BN_copy(r, u)) goto err; + bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -731,13 +768,17 @@ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const uns BIGNUM *field; int ret = 0; + bn_check_top(yy); + bn_check_top(xx); + BN_CTX_start(ctx); if ((field = BN_CTX_get(ctx)) == NULL) goto err; if (!BN_GF2m_arr2poly(p, field)) goto err; ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); + bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -751,12 +792,15 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig { int ret = 0, i, n; BIGNUM *u; - + + bn_check_top(a); + bn_check_top(b); + if (BN_is_zero(b)) - { return(BN_one(r)); - } - + + if (BN_abs_is_word(b, 1)) + return (BN_copy(r, a) != NULL); BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; @@ -773,10 +817,9 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig } } if (!BN_copy(r, u)) goto err; - + bn_check_top(r); ret = 1; - - err: +err: BN_CTX_end(ctx); return ret; } @@ -790,16 +833,22 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsig */ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } @@ -812,15 +861,22 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ { int ret = 0; BIGNUM *u; - + + bn_check_top(a); + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + BN_CTX_start(ctx); if ((u = BN_CTX_get(ctx)) == NULL) goto err; if (!BN_zero(u)) goto err; if (!BN_set_bit(u, p[0] - 1)) goto err; ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); + bn_check_top(r); - err: +err: BN_CTX_end(ctx); return ret; } @@ -834,16 +890,21 @@ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_ */ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } @@ -856,7 +917,13 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p int ret = 0, count = 0; unsigned int j; BIGNUM *a, *z, *rho, *w, *w2, *tmp; - + + bn_check_top(a_); + + if (!p[0]) + /* reduction mod 1 => return 0 */ + return BN_zero(r); + BN_CTX_start(ctx); a = BN_CTX_get(ctx); z = BN_CTX_get(ctx); @@ -917,10 +984,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p if (BN_GF2m_cmp(w, a)) goto err; if (!BN_copy(r, z)) goto err; + bn_check_top(r); ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -933,35 +1001,48 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p */ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { + int ret = 0; const int max = BN_num_bits(p); - unsigned int *arr=NULL, ret = 0; - if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; - if (BN_GF2m_poly2arr(p, arr, max) > max) + unsigned int *arr=NULL; + bn_check_top(a); + bn_check_top(p); + if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * + max)) == NULL) goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); goto err; } ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); - err: + bn_check_top(r); +err: if (arr) OPENSSL_free(arr); return ret; } -/* Convert the bit-string representation of a polynomial a into an array +/* Convert the bit-string representation of a polynomial + * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array * of integers corresponding to the bits with non-zero coefficient. * Up to max elements of the array will be filled. Return value is total * number of coefficients that would be extracted if array was large enough. */ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) { - int i, j, k; + int i, j, k = 0; BN_ULONG mask; - for (k = 0; k < max; k++) p[k] = 0; - k = 0; + if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) + /* a_0 == 0 => return error (the unsigned int array + * must be terminated by 0) + */ + return 0; for (i = a->top - 1; i >= 0; i--) { + if (!a->d[i]) + /* skip word if a->d[i] == 0 */ + continue; mask = BN_TBIT; for (j = BN_BITS2 - 1; j >= 0; j--) { @@ -984,13 +1065,15 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) { int i; + bn_check_top(a); BN_zero(a); - for (i = 0; p[i] > 0; i++) + for (i = 0; p[i] != 0; i++) { BN_set_bit(a, p[i]); } BN_set_bit(a, 0); - + bn_check_top(a); + return 1; } diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 49f75594ae..740359b752 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -53,9 +53,9 @@ * */ +#include "cryptlib.h" #include "bn_lcl.h" - /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) @@ -74,6 +74,9 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) */ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + bn_check_top(a); + bn_check_top(b); + BN_CTX_start(ctx); A = BN_CTX_get(ctx); B = BN_CTX_get(ctx); @@ -172,8 +175,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) tmp = A; A = B; B = tmp; tmp->neg = 0; } - - end: +end: BN_CTX_end(ctx); if (err) return -2; diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 01cb6e9280..18960f191b 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -119,20 +119,6 @@ extern "C" { #endif -/* Used for temp variables */ -#define BN_CTX_NUM 32 -#define BN_CTX_NUM_POS 12 -struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } /* BN_CTX */; - - /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * @@ -263,46 +249,6 @@ struct bignum_ctx *(++ftl) = 0x0; \ } - -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include <assert.h> -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - -/* This macro is to add extra stuff for development checking */ -#ifdef BN_DEBUG -#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) -#else -#define bn_set_max(r) -#endif - -/* These macros are used to 'take' a section of a bignum for read only use */ -#define bn_set_low(r,a,n) \ - { \ - (r)->top=((a)->top > (n))?(n):(a)->top; \ - (r)->d=(a)->d; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#define bn_set_high(r,a,n) \ - { \ - if ((a)->top > (n)) \ - { \ - (r)->top=(a)->top-n; \ - (r)->d= &((a)->d[n]); \ - } \ - else \ - (r)->top=0; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - #ifdef BN_LLONG #define mul_add(r,a,w,c) { \ BN_ULLONG t; \ diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index bbcc62d831..3f607cd532 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -91,28 +91,28 @@ void BN_set_params(int mult, int high, int low, int mont) { if (mult >= 0) { - if (mult > (sizeof(int)*8)-1) + if (mult > (int)(sizeof(int)*8)-1) mult=sizeof(int)*8-1; bn_limit_bits=mult; bn_limit_num=1<<mult; } if (high >= 0) { - if (high > (sizeof(int)*8)-1) + if (high > (int)(sizeof(int)*8)-1) high=sizeof(int)*8-1; bn_limit_bits_high=high; bn_limit_num_high=1<<high; } if (low >= 0) { - if (low > (sizeof(int)*8)-1) + if (low > (int)(sizeof(int)*8)-1) low=sizeof(int)*8-1; bn_limit_bits_low=low; bn_limit_num_low=1<<low; } if (mont >= 0) { - if (mont > (sizeof(int)*8)-1) + if (mont > (int)(sizeof(int)*8)-1) mont=sizeof(int)*8-1; bn_limit_bits_mont=mont; bn_limit_num_mont=1<<mont; @@ -131,7 +131,7 @@ int BN_get_params(int which) const BIGNUM *BN_value_one(void) { static BN_ULONG data_one=1L; - static BIGNUM const_one={&data_one,1,1,0}; + static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; return(&const_one); } @@ -145,11 +145,11 @@ char *BN_options(void) { init++; #ifdef BN_LLONG - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, - (int)sizeof(BN_ULONG)*8); + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); #else - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, - (int)sizeof(BN_ULONG)*8); + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); #endif } return(data); @@ -244,16 +244,11 @@ int BN_num_bits_word(BN_ULONG l) int BN_num_bits(const BIGNUM *a) { - BN_ULONG l; - int i; - + int i = a->top - 1; bn_check_top(a); - if (a->top == 0) return(0); - l=a->d[a->top-1]; - assert(l != 0); - i=(a->top-1)*BN_BITS2; - return(i+BN_num_bits_word(l)); + if (BN_is_zero(a)) return 0; + return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); } void BN_clear_free(BIGNUM *a) @@ -261,6 +256,7 @@ void BN_clear_free(BIGNUM *a) int i; if (a == NULL) return; + bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); @@ -276,16 +272,24 @@ void BN_clear_free(BIGNUM *a) void BN_free(BIGNUM *a) { if (a == NULL) return; + bn_check_top(a); if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); - a->flags|=BN_FLG_FREE; /* REMOVE? */ if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); + else + { +#ifndef OPENSSL_NO_DEPRECATED + a->flags|=BN_FLG_FREE; +#endif + a->d = NULL; + } } void BN_init(BIGNUM *a) { memset(a,0,sizeof(BIGNUM)); + bn_check_top(a); } BIGNUM *BN_new(void) @@ -302,6 +306,7 @@ BIGNUM *BN_new(void) ret->neg=0; ret->dmax=0; ret->d=NULL; + bn_check_top(ret); return(ret); } @@ -313,13 +318,13 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; + bn_check_top(b); + if (words > (INT_MAX/(4*BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); return NULL; } - - bn_check_top(b); if (BN_get_flags(b,BN_FLG_STATIC_DATA)) { BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); @@ -386,12 +391,14 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) { BIGNUM *r = NULL; + bn_check_top(b); + /* This function does not work if * words <= b->dmax && top < words * because BN_dup() does not preserve 'dmax'! * (But bn_dup_expand() is not used anywhere yet.) */ - + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); @@ -420,6 +427,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) r = BN_dup(b); } + bn_check_top(r); return r; } @@ -434,23 +442,19 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *A; int i; + bn_check_top(b); + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); - - if (a) - { - if (b->d) - OPENSSL_free(b->d); - b->d=a; - b->dmax=words; - } - else - b = NULL; + if(!a) return NULL; + if(b->d) OPENSSL_free(b->d); + b->d=a; + b->dmax=words; } - + /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ - if ((b != NULL) && (b->top < b->dmax)) + if (b->top < b->dmax) { A = &(b->d[b->top]); for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) @@ -462,25 +466,26 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) A[0]=0; assert(A == &(b->d[b->dmax])); } - + bn_check_top(b); return b; } BIGNUM *BN_dup(const BIGNUM *a) { - BIGNUM *r, *t; + BIGNUM *t; if (a == NULL) return NULL; - bn_check_top(a); t = BN_new(); - if (t == NULL) return(NULL); - r = BN_copy(t, a); - /* now r == t || r == NULL */ - if (r == NULL) + if (t == NULL) return NULL; + if(!BN_copy(t, a)) + { BN_free(t); - return r; + return NULL; + } + bn_check_top(t); + return t; } BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) @@ -514,11 +519,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d,b->d,sizeof(b->d[0])*b->top); #endif -/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ a->top=b->top; +#ifndef BN_STRICT if ((a->top == 0) && (a->d != NULL)) a->d[0]=0; +#endif a->neg=b->neg; + bn_check_top(a); return(a); } @@ -529,18 +536,15 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) const BN_ULONG *B; bn_check_top(b); - if (a == b) return a; min = (b->top < (int)n)? b->top: (int)n; - if (!min) { BN_zero(a); return a; } - if (bn_wexpand(a, min) == NULL) return NULL; @@ -560,10 +564,8 @@ BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n) case 0: ; } a->top = min; - a->neg = b->neg; - bn_fix_top(a); - + bn_correct_top(a); return(a); } @@ -573,6 +575,9 @@ void BN_swap(BIGNUM *a, BIGNUM *b) BN_ULONG *tmp_d; int tmp_top, tmp_dmax, tmp_neg; + bn_check_top(a); + bn_check_top(b); + flags_old_a = a->flags; flags_old_b = b->flags; @@ -593,11 +598,13 @@ void BN_swap(BIGNUM *a, BIGNUM *b) a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); } - void BN_clear(BIGNUM *a) { + bn_check_top(a); if (a->d != NULL) memset(a->d,0,a->dmax*sizeof(a->d[0])); a->top=0; @@ -610,7 +617,7 @@ BN_ULONG BN_get_word(const BIGNUM *a) BN_ULONG ret=0; n=BN_num_bytes(a); - if (n > sizeof(BN_ULONG)) + if (n > (int)sizeof(BN_ULONG)) return(BN_MASK2); for (i=a->top-1; i>=0; i--) { @@ -628,7 +635,8 @@ BN_ULONG BN_get_word(const BIGNUM *a) int BN_set_word(BIGNUM *a, BN_ULONG w) { int i,n; - if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); + bn_check_top(a); + if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); n=sizeof(BN_ULONG)/BN_BYTES; a->neg=0; @@ -649,6 +657,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->d[i]=(BN_ULONG)w&BN_MASK2; if (a->d[i] != 0) a->top=i+1; } + bn_check_top(a); return(1); } @@ -660,6 +669,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) ret=BN_new(); if (ret == NULL) return(NULL); + bn_check_top(ret); l=0; n=len; if (n == 0) @@ -685,7 +695,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) } /* need to call this due to clear byte at top if avoiding * having the top bit set (-ve number) */ - bn_fix_top(ret); + bn_correct_top(ret); return(ret); } @@ -695,6 +705,7 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) int n,i; BN_ULONG l; + bn_check_top(a); n=i=BN_num_bytes(a); while (i-- > 0) { @@ -721,7 +732,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) t1= ap[i]; t2= bp[i]; if (t1 != t2) - return(t1 > t2?1:-1); + return((t1 > t2) ? 1 : -1); } return(0); } @@ -771,6 +782,9 @@ int BN_set_bit(BIGNUM *a, int n) { int i,j,k; + if (n < 0) + return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) @@ -782,6 +796,7 @@ int BN_set_bit(BIGNUM *a, int n) } a->d[i]|=(((BN_ULONG)1)<<j); + bn_check_top(a); return(1); } @@ -789,12 +804,15 @@ int BN_clear_bit(BIGNUM *a, int n) { int i,j; + bn_check_top(a); + if (n < 0) return 0; + i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) return(0); a->d[i]&=(~(((BN_ULONG)1)<<j)); - bn_fix_top(a); + bn_correct_top(a); return(1); } @@ -802,10 +820,11 @@ int BN_is_bit_set(const BIGNUM *a, int n) { int i,j; - if (n < 0) return(0); + bn_check_top(a); + if (n < 0) return 0; i=n/BN_BITS2; j=n%BN_BITS2; - if (a->top <= i) return(0); + if (a->top <= i) return 0; return((a->d[i]&(((BN_ULONG)1)<<j))?1:0); } @@ -813,9 +832,12 @@ int BN_mask_bits(BIGNUM *a, int n) { int b,w; + bn_check_top(a); + if (n < 0) return 0; + w=n/BN_BITS2; b=n%BN_BITS2; - if (w >= a->top) return(0); + if (w >= a->top) return 0; if (b == 0) a->top=w; else @@ -823,7 +845,7 @@ int BN_mask_bits(BIGNUM *a, int n) a->top=w+1; a->d[w]&= ~(BN_MASK2<<b); } - bn_fix_top(a); + bn_correct_top(a); return(1); } diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 5cf82480d7..61b7255098 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -192,6 +192,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, else { if (!BN_mul(t,a,b,ctx)) goto err; } if (!BN_nnmod(r,t,m,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -210,6 +211,7 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) { if (!BN_lshift1(r, a)) return 0; + bn_check_top(r); return BN_nnmod(r, r, m, ctx); } @@ -219,6 +221,7 @@ int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) { if (!BN_lshift1(r, a)) return 0; + bn_check_top(r); if (BN_cmp(r, m) >= 0) return BN_sub(r, r, m); return 1; @@ -240,6 +243,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct } ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); if (abs_m) BN_free(abs_m); @@ -291,6 +295,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) if (!BN_sub(r, r, m)) return 0; } } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c9ebdbaabe..22d23cc3d7 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -90,6 +90,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; + bn_check_top(r); ret=1; err: BN_CTX_end(ctx); @@ -172,7 +173,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; } } - bn_fix_top(r); + bn_correct_top(r); /* mont->ri will be a multiple of the word size */ #if 0 @@ -229,6 +230,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_usub(ret,ret,&(mont->N))) goto err; } retn=1; + bn_check_top(ret); err: BN_CTX_end(ctx); return(retn); diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 05fa9d1e9a..a054d21aed 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -124,6 +124,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) { BN_clear_bit(a,BN_num_bits(a)-1); } + bn_check_top(a); return(a); } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index bfd7f680c9..5a92f9a335 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -549,7 +549,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; + int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -706,7 +706,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < c1) + if (ln < (BN_ULONG)c1) { do { p++; @@ -1090,11 +1090,12 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_fix_top(rr); + bn_correct_top(rr); if (r != rr) BN_copy(r,rr); ret=1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 19bd540725..6aa196f6f8 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_nist.p */ +/* crypto/bn/bn_nist.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -129,36 +129,36 @@ const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192={(BN_ULONG *)_nist_p_192,BN_NIST_192_TOP, - BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA}; + static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, + BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; return &const_nist_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224={(BN_ULONG *)_nist_p_224,BN_NIST_224_TOP, - BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA}; + static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, + BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; return &const_nist_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256={(BN_ULONG *)_nist_p_256,BN_NIST_256_TOP, - BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA}; + static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, + BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; return &const_nist_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384={(BN_ULONG *)_nist_p_384,BN_NIST_384_TOP, - BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA}; + static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, + BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; return &const_nist_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521={(BN_ULONG *)_nist_p_521,BN_NIST_521_TOP, - BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA}; + static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; return &const_nist_521; } @@ -357,14 +357,15 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; } @@ -449,13 +450,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -607,13 +609,14 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -775,13 +778,14 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, #if 1 bn_clear_top2max(r); #endif - bn_fix_top(r); + bn_correct_top(r); if (BN_ucmp(r, field) >= 0) { bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); - bn_fix_top(r); + bn_correct_top(r); } + bn_check_top(r); return 1; #else return 0; @@ -823,6 +827,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, if (tmp->top == BN_NIST_521_TOP) tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + bn_correct_top(tmp); if (!BN_uadd(r, tmp, r)) return 0; top = r->top; @@ -833,11 +838,12 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_NIST_ADD_ONE(r_d) r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; } - bn_fix_top(r); + bn_correct_top(r); ret = 1; err: BN_CTX_end(ctx); - + + bn_check_top(r); return ret; } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index fd863933e5..4430e90df5 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -226,6 +226,7 @@ loop: err: BN_free(&t); if (ctx != NULL) BN_CTX_free(ctx); + bn_check_top(ret); return found; } @@ -363,6 +364,7 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, } /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + bn_check_top(w); return 1; } @@ -394,6 +396,7 @@ again: } } if (!BN_add_word(rnd,delta)) return(0); + bn_check_top(rnd); return(1); } @@ -431,6 +434,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, ret=1; err: BN_CTX_end(ctx); + bn_check_top(rnd); return(ret); } @@ -482,5 +486,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, ret=1; err: BN_CTX_end(ctx); + bn_check_top(p); return(ret); } diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index 9fc3765486..e583d1d53b 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -11,7 +11,7 @@ loop: while ($#primes < $num-1) $p+=2; $s=int(sqrt($p)); - for ($i=0; $primes[$i]<=$s; $i++) + for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) { next loop if (($p%$primes[$i]) == 0); } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 5f46b1826c..7f7b36a122 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -79,7 +79,7 @@ char *BN_bn2hex(const BIGNUM *a) } p=buf; if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; + if (BN_is_zero(a)) *(p++)='0'; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-8; j >= 0; j-=8) @@ -119,10 +119,11 @@ char *BN_bn2dec(const BIGNUM *a) } if ((t=BN_dup(a)) == NULL) goto err; +#define BUF_REMAIN (num+3 - (size_t)(p - buf)) p=buf; lp=bn_data; if (t->neg) *(p++)='-'; - if (t->top == 0) + if (BN_is_zero(t)) { *(p++)='0'; *(p++)='\0'; @@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a) /* We now have a series of blocks, BN_DEC_NUM chars * in length, where the last one needs truncation. * The blocks need to be reversed in order. */ - sprintf(p,BN_DEC_FMT1,*lp); + BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); while (*p) p++; while (lp != bn_data) { lp--; - sprintf(p,BN_DEC_FMT2,*lp); + BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); while (*p) p++; } } @@ -210,10 +211,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) j-=(BN_BYTES*2); } ret->top=h; - bn_fix_top(ret); + bn_correct_top(ret); ret->neg=neg; *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -269,8 +271,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) } ret->neg=neg; - bn_fix_top(ret); + bn_correct_top(ret); *bn=ret; + bn_check_top(ret); return(num); err: if (*bn == NULL) BN_free(ret); @@ -299,7 +302,7 @@ int BN_print(BIO *bp, const BIGNUM *a) int ret=0; if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; + if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; for (i=a->top-1; i >=0; i--) { for (j=BN_BITS2-4; j >= 0; j-=4) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 480817a4b6..de5a1f0c63 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -204,6 +204,7 @@ err: OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } + bn_check_top(rnd); return(ret); } @@ -290,6 +291,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) while (BN_cmp(r, range) >= 0); } + bn_check_top(r); return 1; } diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index ef5fdd4708..411dd60895 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -123,6 +123,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ret = BN_div_recp(NULL,r,ca,recp,ctx); err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } @@ -203,6 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ret=1; err: BN_CTX_end(ctx); + if(dv) bn_check_top(dv); + if(rem) bn_check_top(rem); return(ret); } @@ -226,5 +229,6 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) ret=len; err: BN_free(&t); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 70f785ea18..de9312dce2 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -65,6 +65,9 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) register BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (r != a) { r->neg=a->neg; @@ -89,6 +92,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) *rp=1; r->top++; } + bn_check_top(r); return(1); } @@ -97,6 +101,9 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) BN_ULONG *ap,*rp,t,c; int i; + bn_check_top(r); + bn_check_top(a); + if (BN_is_zero(a)) { BN_zero(r); @@ -117,7 +124,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) rp[i]=((t>>1)&BN_MASK2)|c; c=(t&1)?BN_TBIT:0; } - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -127,6 +135,9 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l; + bn_check_top(r); + bn_check_top(a); + r->neg=a->neg; nw=n/BN_BITS2; if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); @@ -149,7 +160,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) /* for (i=0; i<nw; i++) t[i]=0;*/ r->top=a->top+nw+1; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } @@ -159,6 +171,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) BN_ULONG *t,*f; BN_ULONG l,tmp; + bn_check_top(r); + bn_check_top(a); + nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; @@ -185,13 +200,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if (rb == 0) { - for (i=j+1; i > 0; i--) + for (i=j; i != 0; i--) *(t++)= *(f++); } else { l= *(f++); - for (i=1; i<j; i++) + for (i=j-1; i != 0; i--) { tmp =(l>>rb)&BN_MASK2; l= *(f++); @@ -199,7 +214,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) } *(t++) =(l>>rb)&BN_MASK2; } - *t=0; - bn_fix_top(r); + bn_correct_top(r); + bn_check_top(r); return(1); } diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index c1d0cca438..ab678d1f30 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -145,6 +145,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) ret = 1; err: BN_CTX_end(ctx); + bn_check_top(r); return(ret); } diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 463d4a8139..51902703e1 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -86,6 +86,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -104,6 +105,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_free(ret); return NULL; } + bn_check_top(ret); return ret; } @@ -384,5 +386,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = NULL; } BN_CTX_end(ctx); + bn_check_top(ret); return ret; } diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 988e0ca7b3..a241150157 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -85,12 +85,17 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { - BN_ULONG ret; + BN_ULONG ret = 0; int i; - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return 0; + if (a->top == 0) + return 0; + for (i=a->top-1; i>=0; i--) { BN_ULONG l,d; @@ -102,6 +107,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) } if ((a->top > 0) && (a->d[a->top-1] == 0)) a->top--; + bn_check_top(a); return(ret); } @@ -110,6 +116,11 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) BN_ULONG l; int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (a->neg) { a->neg=0; @@ -118,7 +129,6 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - w&=BN_MASK2; if (bn_wexpand(a,a->top+1) == NULL) return(0); i=0; for (;;) @@ -136,6 +146,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) } if (i >= a->top) a->top++; + bn_check_top(a); return(1); } @@ -143,6 +154,11 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) { int i; + w &= BN_MASK2; + + if (!w) + return 1; + if (BN_is_zero(a) || a->neg) { a->neg=0; @@ -151,7 +167,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) return(i); } - w&=BN_MASK2; if ((a->top == 1) && (a->d[0] < w)) { a->d[0]=w-a->d[0]; @@ -175,6 +190,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) } if ((a->d[i] == 0) && (i == (a->top-1))) a->top--; + bn_check_top(a); return(1); } @@ -197,6 +213,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) } } } + bn_check_top(a); return(1); } diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index fe057dc22f..0d37dcff4d 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -1502,7 +1502,7 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) return ret; } -static void genprime_cb(int p, int n, void *arg) +static int genprime_cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -1512,12 +1512,12 @@ static void genprime_cb(int p, int n, void *arg) if (p == 3) c='\n'; putc(c, stderr); fflush(stderr); - (void)n; - (void)arg; + return 1; } int test_kron(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*b,*r,*t; int i; int legendre, kronecker; @@ -1528,6 +1528,8 @@ int test_kron(BIO *bp, BN_CTX *ctx) r = BN_new(); t = BN_new(); if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) @@ -1538,7 +1540,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) * don't want to test whether b is prime but whether BN_kronecker * works.) */ - if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err; b->neg = rand_neg(); putc('\n', stderr); @@ -1606,6 +1608,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) int test_sqrt(BIO *bp, BN_CTX *ctx) { + BN_GENCB cb; BIGNUM *a,*p,*r; int i, j; int ret = 0; @@ -1614,7 +1617,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) p = BN_new(); r = BN_new(); if (a == NULL || p == NULL || r == NULL) goto err; - + + BN_GENCB_set(&cb, genprime_cb, NULL); + for (i = 0; i < 16; i++) { if (i < 8) @@ -1628,7 +1633,7 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) if (!BN_set_word(a, 32)) goto err; if (!BN_set_word(r, 2*i + 1)) goto err; - if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err; putc('\n', stderr); } p->neg = rand_neg(); diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index b09cf88705..37aec55b89 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -181,6 +181,9 @@ int main(int argc, char *argv[]) err: ERR_load_crypto_strings(); ERR_print_errors(out); +#ifdef OPENSSL_SYS_NETWARE + printf("ERROR\n"); +#endif EXIT(1); return(1); } diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl index e8b6c9693a..b131ca3078 100644 --- a/crypto/buffer/Makefile.ssl +++ b/crypto/buffer/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 6559060784..73702f0f10 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,15 +61,16 @@ #include <stdio.h> #include <openssl/err.h> #include <openssl/buffer.h> -#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA BUF_str_functs[]= { +{ERR_PACK(0,BUF_F_BUF_MEMDUP,0), "BUF_memdup"}, {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, {ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, +{ERR_PACK(0,BUF_F_BUF_STRNDUP,0), "BUF_strndup"}, {0,NULL} }; diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d96487e7db..03ebf23a14 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -164,22 +164,41 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) char *BUF_strdup(const char *str) { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) + { char *ret; - int n; if (str == NULL) return(NULL); - n=strlen(str); - ret=OPENSSL_malloc(n+1); + ret=OPENSSL_malloc(siz+1); if (ret == NULL) { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); return(NULL); } - memcpy(ret,str,n+1); + BUF_strlcpy(ret,str,siz+1); return(ret); } +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + size_t BUF_strlcpy(char *dst, const char *src, size_t size) { size_t l = 0; diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 465dc34f3f..7f557c21c3 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -64,7 +64,10 @@ extern "C" { #endif #include <stddef.h> + +#if !defined(NO_SYS_TYPES_H) #include <sys/types.h> +#endif typedef struct buf_mem_st { @@ -78,6 +81,8 @@ void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); @@ -93,9 +98,11 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 #define BUF_F_BUF_MEM_GROW 100 #define BUF_F_BUF_MEM_NEW 101 #define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl index 70c47bf8e6..98393a37ba 100644 --- a/crypto/cast/Makefile.ssl +++ b/crypto/cast/Makefile.ssl @@ -25,6 +25,7 @@ CAST_ENC=c_enc.o #CAST_ENC=asm/cx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=casttest.c @@ -70,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore index ed39ad9fc6..d6bf08ba1b 100644 --- a/crypto/cast/asm/.cvsignore +++ b/crypto/cast/asm/.cvsignore @@ -1 +1,2 @@ cx86unix.cpp +cx86-elf.s diff --git a/crypto/cast/cast_spd.c b/crypto/cast/cast_spd.c index 76abf50d98..d650af475c 100644 --- a/crypto/cast/cast_spd.c +++ b/crypto/cast/cast_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/cast/castopts.c b/crypto/cast/castopts.c index 1b858d153b..33b2c7b06f 100644 --- a/crypto/cast/castopts.c +++ b/crypto/cast/castopts.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index f60c7a1afc..f70ba1b285 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 3bcb7c9600..7553a2d107 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -30,6 +30,7 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen); static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, @@ -48,6 +49,7 @@ static COMP_METHOD zlib_stateless_method={ NULL, NULL, }; +#endif static COMP_METHOD zlib_stateful_method={ NID_zlib_compression, @@ -79,12 +81,18 @@ static COMP_METHOD zlib_stateful_method={ #include <openssl/dso.h> /* Prototypes for built in stubs */ +#if 0 static int stub_compress(Bytef *dest,uLongf *destLen, const Bytef *source, uLong sourceLen); +#endif static int stub_inflateEnd(z_streamp strm); static int stub_inflate(z_streamp strm, int flush); static int stub_inflateInit_(z_streamp strm, const char * version, int stream_size); +static int stub_deflateEnd(z_streamp strm); +static int stub_deflate(z_streamp strm, int flush); +static int stub_deflateInit_(z_streamp strm, int level, + const char * version, int stream_size); /* Function pointers */ typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, @@ -111,11 +119,9 @@ static DSO *zlib_dso = NULL; #define compress stub_compress #define inflateEnd stub_inflateEnd #define inflate stub_inflate -#define inflateInit stub_inflateInit #define inflateInit_ stub_inflateInit_ #define deflateEnd stub_deflateEnd #define deflate stub_deflate -#define deflateInit stub_deflateInit #define deflateInit_ stub_deflateInit_ #endif /* ZLIB_SHARED */ @@ -152,7 +158,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->istream.next_out = Z_NULL; state->istream.avail_in = 0; state->istream.avail_out = 0; - err = inflateInit(&state->istream); + err = inflateInit_(&state->istream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; @@ -163,16 +170,20 @@ static int zlib_stateful_init(COMP_CTX *ctx) state->ostream.next_out = Z_NULL; state->ostream.avail_in = 0; state->ostream.avail_out = 0; - err = deflateInit(&state->ostream,Z_DEFAULT_COMPRESSION); + err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) goto err; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); if (zlib_stateful_ex_idx == -1) { - zlib_stateful_ex_idx = - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_lock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + zlib_stateful_ex_idx = + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, + 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + CRYPTO_w_unlock(CRYPTO_LOCK_COMP); if (zlib_stateful_ex_idx == -1) goto err; } @@ -243,6 +254,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, return olen - state->istream.avail_out; } +#if 0 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { @@ -319,7 +331,8 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; - err = inflateInit(&stream); + err = inflateInit_(&stream, + ZLIB_VERSION, sizeof(z_stream)); if (err != Z_OK) return err; err = inflate(&stream, Z_FINISH); @@ -332,6 +345,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, err = inflateEnd(&stream); return err; } +#endif #endif @@ -383,6 +397,7 @@ COMP_METHOD *COMP_zlib(void) } #ifdef ZLIB_SHARED +#if 0 /* Stubs for each function to be dynamicly loaded */ static int stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) @@ -392,6 +407,7 @@ stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) else return(Z_MEM_ERROR); } +#endif static int stub_inflateEnd(z_streamp strm) @@ -443,7 +459,7 @@ stub_deflateInit_(z_streamp strm, int level, const char * version, int stream_size) { if ( p_deflateInit_ ) - return(p_deflateInit_(strm,version,stream_size)); + return(p_deflateInit_(strm,level,version,stream_size)); else return(Z_MEM_ERROR); } diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index e7bcaff740..bbe11d303a 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -127,9 +127,9 @@ conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_mall.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mall.o: ../cryptlib.h conf_mall.c +conf_mall.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_mall.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -161,6 +161,6 @@ conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_sap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_sap.o: ../cryptlib.h conf_sap.c +conf_sap.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_sap.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 179f11e65a..9da004ce65 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); goto err; } - strcpy(section,"default"); + BUF_strlcpy(section,"default",10); if (_CONF_new_data(conf) == 0) { @@ -392,7 +392,7 @@ again: ERR_R_MALLOC_FAILURE); goto err; } - strcpy(v->name,pname); + BUF_strlcpy(v->name,pname,strlen(pname)+1); if (!str_copy(conf,psection,&(v->value),start)) goto err; if (strcmp(psection,section) != 0) @@ -447,7 +447,7 @@ err: if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); if (line != NULL) *line=eline; - sprintf(btmp,"%ld",eline); + BIO_snprintf(btmp,sizeof btmp,"%ld",eline); ERR_add_error_data(2,"line ",btmp); if ((h != conf->data) && (conf->data != NULL)) { @@ -637,7 +637,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index edcc08921c..d45adea851 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value, { char rcode[DECIMAL_SIZE(ret)+1]; CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); - sprintf(rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } } @@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void) if (!file) return NULL; - strcpy(file,X509_get_default_cert_area()); + BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); #ifndef OPENSSL_SYS_VMS - strcat(file,"/"); + BUF_strlcat(file,"/",len + 1); #endif - strcat(file,OPENSSL_CONF); + BUF_strlcat(file,OPENSSL_CONF,len + 1); return file; } @@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void) * be used to parse comma separated lists for example. */ -int CONF_parse_list(const char *list, int sep, int nospc, +int CONF_parse_list(const char *list_, int sep, int nospc, int (*list_cb)(const char *elem, int len, void *usr), void *arg) { int ret; const char *lstart, *tmpend, *p; - lstart = list; + lstart = list_; for(;;) { diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index bc023e3f44..009c3be4c0 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -167,7 +167,9 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ecdh", "bn", "ec_pre_comp", -#if CRYPTO_NUM_LOCKS != 37 + "store", + "comp", +#if CRYPTO_NUM_LOCKS != 39 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index dd5c62decd..309b29f0bf 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -78,12 +78,15 @@ $ ENDIF $! $! Define The Different Encryption Types. $! -$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - +$ ENCRYPT_TYPES = "Basic,"+ - + "OBJECTS,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - + "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" + "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "STORE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -182,7 +185,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" @@ -225,7 +228,8 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - "dso_openssl,dso_win32,dso_vms" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_rand,tb_cipher,tb_digest,tb_ecdh,"+ - + "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - + "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" @@ -289,6 +293,7 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - $ LIB_UI_COMPAT = ",ui_compat" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" +$ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $! $! Setup exceptional compilations $! diff --git a/crypto/crypto.h b/crypto/crypto.h index 0f15a56544..5238e53066 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -152,6 +152,16 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock * names in cryptlib.c */ @@ -192,7 +202,9 @@ extern "C" { #define CRYPTO_LOCK_ECDH 34 #define CRYPTO_LOCK_BN 35 #define CRYPTO_LOCK_EC_PRE_COMP 36 -#define CRYPTO_NUM_LOCKS 37 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_NUM_LOCKS 39 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -302,6 +314,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_ECDSA 12 #define CRYPTO_EX_INDEX_ECDH 13 #define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ diff --git a/crypto/cversion.c b/crypto/cversion.c index 8ecfba7b16..beeeb14013 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -61,7 +61,9 @@ #include "cryptlib.h" #include <openssl/crypto.h> +#ifndef NO_WINDOWS_BRAINDEATH #include "buildinf.h" +#endif const char *SSLeay_version(int t) { @@ -72,7 +74,7 @@ const char *SSLeay_version(int t) #ifdef DATE static char buf[sizeof(DATE)+11]; - sprintf(buf,"built on: %s",DATE); + BIO_snprintf(buf,sizeof buf,"built on: %s",DATE); return(buf); #else return("built on: date not available"); @@ -83,7 +85,7 @@ const char *SSLeay_version(int t) #ifdef CFLAGS static char buf[sizeof(CFLAGS)+11]; - sprintf(buf,"compiler: %s",CFLAGS); + BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); return(buf); #else return("compiler: information not available"); @@ -94,7 +96,7 @@ const char *SSLeay_version(int t) #ifdef PLATFORM static char buf[sizeof(PLATFORM)+11]; - sprintf(buf,"platform: %s", PLATFORM); + BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM); return(buf); #else return("platform: information not available"); diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 34ca7acba5..02a62402ac 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -22,6 +22,7 @@ DES_ENC= des_enc.o fcrypt_b.o #DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=destest.c @@ -99,7 +100,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -160,12 +161,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h +cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb_enc.o: cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 17bf77ca9e..136efba95b 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include "e_os.h" #include "des_locl.h" /* The input and output are loaded in multiples of 8 bits. diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c index 79278b920e..2df82962c5 100644 --- a/crypto/des/des_opts.c +++ b/crypto/des/des_opts.c @@ -71,7 +71,11 @@ #include <io.h> extern void exit(); #endif + +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 687c00c792..4584cf3004 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -333,7 +333,8 @@ static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); int main(int argc, char *argv[]) { - int i,j,err=0; + int j,err=0; + unsigned int i; des_cblock in,out,outin,iv3,iv2; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; @@ -391,7 +392,7 @@ int main(int argc, char *argv[]) DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbcm_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -431,7 +432,7 @@ int main(int argc, char *argv[]) #ifndef LIBDES_LIT printf("Doing ede ecb\n"); - for (i=0; i<(NUM_TESTS-1); i++) + for (i=0; i<(NUM_TESTS-2); i++) { DES_set_key_unchecked(&key_data[i],&ks); DES_set_key_unchecked(&key_data[i+1],&ks2); @@ -540,7 +541,7 @@ int main(int argc, char *argv[]) if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt encrypt error\n"); for(n=0 ; n < i ; ++n) @@ -556,7 +557,7 @@ int main(int argc, char *argv[]) des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) { - int n; + unsigned int n; printf("des_ede3_cbc_encrypt decrypt error\n"); for(n=0 ; n < i ; ++n) @@ -820,6 +821,9 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]); printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); err=1; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif printf("\n"); return(err); } diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index 1b70f68806..784aa5ba23 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -60,6 +60,7 @@ #include "des_ver.h" #include "spr.h" #include <openssl/opensslv.h> +#include <openssl/bio.h> OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; @@ -97,7 +98,8 @@ const char *DES_options(void) size="int"; else size="long"; - sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); + BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, + size); init=0; } return(buf); diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 2758c32656..ccbdff250f 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -58,9 +58,6 @@ static unsigned const char cov_2char[64]={ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; -void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - char *DES_crypt(const char *buf, const char *salt) { static char buff[14]; diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 143008ed9c..55efe03f42 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -87,7 +87,7 @@ static const unsigned char odd_parity[256]={ void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i=0; i<DES_KEY_SZ; i++) (*key)[i]=odd_parity[(*key)[i]]; @@ -95,7 +95,7 @@ void DES_set_odd_parity(DES_cblock *key) int DES_check_key_parity(const_DES_cblock *key) { - int i; + unsigned int i; for (i=0; i<DES_KEY_SZ; i++) { diff --git a/crypto/des/speed.c b/crypto/des/speed.c index 48fc1d49fc..1616f4b7c9 100644 --- a/crypto/des/speed.c +++ b/crypto/des/speed.c @@ -69,7 +69,11 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#define crypt(c,s) (des_crypt((c),(s))) +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index c1ccf0060a..226518522e 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -120,27 +120,27 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dh_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_key.o: ../../include/openssl/ui.h ../cryptlib.h dh_key.c +dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dh_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h dh_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -dh_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dh_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_lib.o: ../../include/openssl/ui.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 3eb319e2a8..acc05f252c 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -61,6 +61,9 @@ #include <openssl/bn.h> #include <openssl/dh.h> +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED DH *DH_generate_parameters(int prime_len, int generator, void (*callback)(int,int,void *), void *cb_arg) { @@ -77,3 +80,4 @@ DH *DH_generate_parameters(int prime_len, int generator, DH_free(ret); return NULL; } +#endif diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index dc25283f7c..1b193649d3 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -89,12 +89,13 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK cb(int p, int n, void *arg); +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) { + BN_GENCB _cb; DH *a; DH *b=NULL; char buf[12]; @@ -116,8 +117,10 @@ int main(int argc, char *argv[]) if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) @@ -194,14 +197,14 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } -static void MS_CALLBACK cb(int p, int n, void *arg) +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -209,10 +212,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); #ifdef LINT p=n; #endif + return 1; } #endif diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 29fa723c61..3ee5a2f28f 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -139,48 +139,43 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_ossl.o: ../cryptlib.h dsa_ossl.c dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dsa_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index cb80457211..f2da680eb4 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +static void *dummy=&dummy; + #ifndef OPENSSL_NO_SHA #include <stdio.h> @@ -80,6 +82,7 @@ #include <openssl/rand.h> #include <openssl/sha.h> +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -100,3 +103,4 @@ DSA *DSA_generate_parameters(int bits, return NULL; } #endif +#endif diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 49c630b106..ccc456eab7 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -90,7 +90,7 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -135,6 +135,7 @@ static BIO *bio_err=NULL; int main(int argc, char **argv) { + BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; @@ -154,7 +155,10 @@ int main(int argc, char **argv) BIO_printf(bio_err,"test generation of DSA parameters\n"); - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); + BN_GENCB_set(&cb, dsa_cb, bio_err); + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, &counter, &h, &cb)) + goto end; BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) @@ -217,17 +221,14 @@ end: BIO_free(bio_err); bio_err = NULL; } +#ifdef OPENSSL_SYS_NETWARE + if (!ret) printf("ERROR\n"); +#endif EXIT(!ret); return(0); } -static int cb_exit(int ec) - { - EXIT(ec); - return(0); /* To keep some compilers quiet */ - } - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) { char c='*'; static int ok=0,num=0; @@ -236,13 +237,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) { c='*'; ok++; } if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - cb_exit(1); + return 0; } + return 1; } #endif diff --git a/crypto/dso/Makefile.ssl b/crypto/dso/Makefile.ssl index 3d00363bb6..c0449d184e 100644 --- a/crypto/dso/Makefile.ssl +++ b/crypto/dso/Makefile.ssl @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index 9a1cdabf39..fccf54f960 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h @@ -95,6 +95,13 @@ extern "C" { */ #define DSO_FLAG_UPCASE_SYMBOL 0x10 +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + typedef void (*DSO_FUNC_TYPE)(void); diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index de88b2fd16..2d7534afac 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -128,7 +128,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # endif # endif #else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# ifdef OPENSSL_SYS_SUNOS +# define DLOPEN_FLAG 1 +# else +# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# endif #endif /* For this DSO_METHOD, our meth_data STACK will contain; @@ -140,13 +144,19 @@ static int dlfcn_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); + int flags = DLOPEN_FLAG; if(filename == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = dlopen(filename, DLOPEN_FLAG); + +#ifdef RTLD_GLOBAL + if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) + flags |= RTLD_GLOBAL; +#endif + ptr = dlopen(filename, flags); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 1045d1dd19..49bdd71309 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename) DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); return(0); } - strcpy(copied, filename); + BUF_strlcpy(copied, filename, strlen(filename) + 1); if(dso->filename) OPENSSL_free(dso->filename); dso->filename = copied; @@ -449,7 +449,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename) ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(result, filename); + BUF_strlcpy(result, filename, strlen(filename) + 1); } return(result); } diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index d1bece87f7..43e53bcaf7 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -1,6 +1,14 @@ /* crypto/ebcdic.c */ -#ifdef CHARSET_EBCDIC +#ifndef CHARSET_EBCDIC + +#include <openssl/e_os2.h> +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy=&dummy; +#endif + +#else /*CHARSET_EBCDIC*/ + #include "ebcdic.h" /* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De> * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De> @@ -210,9 +218,4 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) return dest; } -#else /*CHARSET_EBCDIC*/ -#include <openssl/e_os2.h> -#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy=&dummy; -#endif #endif diff --git a/crypto/ec/Makefile.ssl b/crypto/ec/Makefile.ssl index 16997c6125..02d95396d5 100644 --- a/crypto/ec/Makefile.ssl +++ b/crypto/ec/Makefile.ssl @@ -52,7 +52,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 431a28b38f..8f4d4e1818 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -158,6 +158,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +/* returns the number of bits needed to represent a field element */ int EC_GROUP_get_degree(const EC_GROUP *); /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ @@ -166,6 +167,9 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); * elliptic curve is not zero, 0 otherwise */ int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); +/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); + /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index a0effa95ad..a0ee7c152f 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -315,7 +315,8 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - int ret = 0, i; + int ret = 0; + size_t i; EC_POINT *p=NULL; if (ctx == NULL) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index f31ac45d99..6e3a02ab86 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -128,23 +128,41 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, /* some structures needed for the asn1 encoding */ -typedef struct x9_62_fieldid_st { - ASN1_OBJECT *fieldType; - ASN1_TYPE *parameters; - } X9_62_FIELDID; - -typedef struct x9_62_characteristic_two_st { - long m; - ASN1_OBJECT *basis; - ASN1_TYPE *parameters; - } X9_62_CHARACTERISTIC_TWO; - typedef struct x9_62_pentanomial_st { long k1; long k2; long k3; } X9_62_PENTANOMIAL; +typedef struct x9_62_characteristic_two_st { + long m; + ASN1_OBJECT *type; + union { + char *ptr; + /* NID_X9_62_onBasis */ + ASN1_NULL *onBasis; + /* NID_X9_62_tpBasis */ + ASN1_INTEGER *tpBasis; + /* NID_X9_62_ppBasis */ + X9_62_PENTANOMIAL *ppBasis; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_CHARACTERISTIC_TWO; + +typedef struct x9_62_fieldid_st { + ASN1_OBJECT *fieldType; + union { + char *ptr; + /* NID_X9_62_prime_field */ + ASN1_INTEGER *prime; + /* NID_X9_62_characteristic_two_field */ + X9_62_CHARACTERISTIC_TWO *char_two; + /* anything else */ + ASN1_TYPE *other; + } p; + } X9_62_FIELDID; + typedef struct x9_62_curve_st { ASN1_OCTET_STRING *a; ASN1_OCTET_STRING *b; @@ -177,36 +195,44 @@ typedef struct ec_privatekey_st { ASN1_BIT_STRING *publicKey; } EC_PRIVATEKEY; -/* the OpenSSL asn1 definitions */ +/* the OpenSSL ASN.1 definitions */ +ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { + ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), + ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), + ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) +} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) -ASN1_SEQUENCE(X9_62_FIELDID) = { - ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY) -} ASN1_SEQUENCE_END(X9_62_FIELDID) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) + +ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); -DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID) +ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { + ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), + ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) +} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, basis, ASN1_OBJECT), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, parameters, ASN1_ANY) + ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) -DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO, X9_62_CHARACTERISTIC_TWO) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) -ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { - ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), - ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), - ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) -} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) +ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); + +ASN1_ADB(X9_62_FIELDID) = { + ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), + ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) +} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); -DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL, X9_62_PENTANOMIAL) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL) +ASN1_SEQUENCE(X9_62_FIELDID) = { + ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), + ASN1_ADB_OBJECT(X9_62_FIELDID) +} ASN1_SEQUENCE_END(X9_62_FIELDID) ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), @@ -214,10 +240,6 @@ ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(X9_62_CURVE) -DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE) -IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, version, LONG), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), @@ -227,9 +249,8 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) -DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS, ECPARAMETERS) -IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) ASN1_CHOICE(ECPKPARAMETERS) = { ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), @@ -254,12 +275,10 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) /* some declarations of internal function */ -/* ec_asn1_group2field() creates a X9_62_FIELDID object from a - * EC_GROUP object */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *, X9_62_FIELDID *); -/* ec_asn1_group2curve() creates a X9_62_CURVE object from a - * EC_GROUP object */ -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ +static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ +static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); /* ec_asn1_parameters2group() creates a EC_GROUP object from a * ECPARAMETERS object */ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); @@ -277,50 +296,28 @@ static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, /* the function definitions */ -static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, - X9_62_FIELDID *field) +static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) { int ok=0, nid; - X9_62_FIELDID *ret = NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; BIGNUM *tmp = NULL; - unsigned char *buffer = NULL; - unsigned char *pp; - size_t buf_len = 0; - if (field == NULL) - { - if ((ret = X9_62_FIELDID_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - else - { - ret = field; - /* clear the old values */ - if (ret->fieldType != NULL) - ASN1_OBJECT_free(ret->fieldType); - if (ret->parameters != NULL) - ASN1_TYPE_free(ret->parameters); - } + if (group == NULL || field == NULL) + return 0; + + /* clear the old values (if necessary) */ + if (field->fieldType != NULL) + ASN1_OBJECT_free(field->fieldType); + if (field->p.other != NULL) + ASN1_TYPE_free(field->p.other); nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* set OID for the field */ - if ((ret->fieldType = OBJ_nid2obj(nid)) == NULL) + if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; } - if ((ret->parameters = ASN1_TYPE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; - } - if (nid == NID_X9_62_prime_field) { if ((tmp = BN_new()) == NULL) @@ -329,15 +326,14 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* the parameters are specified by the prime number p */ - ret->parameters->type = V_ASN1_INTEGER; if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); goto err; } /* set the prime number */ - ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL); - if (ret->parameters->value.integer == NULL) + field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); + if (field->p.prime == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); goto err; @@ -346,8 +342,11 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, else /* nid == NID_X9_62_characteristic_two_field */ { int field_type; + X9_62_CHARACTERISTIC_TWO *char_two; + + field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); + char_two = field->p.char_two; - char_two = X9_62_CHARACTERISTIC_TWO_new(); if (char_two == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); @@ -364,7 +363,7 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, goto err; } /* set base type OID */ - if ((char_two->basis = OBJ_nid2obj(field_type)) == NULL) + if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); goto err; @@ -377,16 +376,13 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_trinomial_basis(group, &k)) goto err; - char_two->parameters->type = V_ASN1_INTEGER; - char_two->parameters->value.integer = - ASN1_INTEGER_new(); - if (char_two->parameters->value.integer == NULL) + char_two->p.tpBasis = ASN1_INTEGER_new(); + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - if (!ASN1_INTEGER_set(char_two->parameters->value.integer, (long)k)) + if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); @@ -400,110 +396,55 @@ static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) goto err; - penta = X9_62_PENTANOMIAL_new(); - /* set k? values */ - penta->k1 = (long)k1; - penta->k2 = (long)k2; - penta->k3 = (long)k3; - /* get the length of the encoded structure */ - buf_len = i2d_X9_62_PENTANOMIAL(penta, NULL); - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) + char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); + if (!char_two->p.ppBasis) { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } - pp = buffer; - i2d_X9_62_PENTANOMIAL(penta, &pp); - /* set the encoded pentanomial */ - char_two->parameters->type=V_ASN1_SEQUENCE; - char_two->parameters->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(char_two->parameters->value.sequence, - buffer, buf_len); - - OPENSSL_free(buffer); - buffer = NULL; + + /* set k? values */ + char_two->p.ppBasis->k1 = (long)k1; + char_two->p.ppBasis->k2 = (long)k2; + char_two->p.ppBasis->k3 = (long)k3; } else /* field_type == NID_X9_62_onBasis */ { /* for ONB the parameters are (asn1) NULL */ - char_two->parameters->type = V_ASN1_NULL; - } - /* encoded the X9_62_CHARACTERISTIC_TWO structure */ - buf_len = i2d_X9_62_CHARACTERISTIC_TWO(char_two, NULL); - - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); - goto err; + char_two->p.onBasis = ASN1_NULL_new(); + if (!char_two->p.onBasis) + { + ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); + goto err; + } } - pp = buffer; - i2d_X9_62_CHARACTERISTIC_TWO(char_two, &pp); - /* set the encoded parameters */ - ret->parameters->type = V_ASN1_SEQUENCE; - ret->parameters->value.sequence = ASN1_STRING_new(); - ASN1_STRING_set(ret->parameters->value.sequence, - buffer, buf_len); } ok = 1; -err : if (!ok) - { - if (ret && !field) - X9_62_FIELDID_free(ret); - ret = NULL; - } - if (tmp) +err : if (tmp) BN_free(tmp); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); - if (buffer) - OPENSSL_free(buffer); - return(ret); + return(ok); } -static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, - X9_62_CURVE *curve) +static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { int ok=0, nid; - X9_62_CURVE *ret=NULL; - BIGNUM *tmp_1=NULL, - *tmp_2=NULL; - unsigned char *buffer_1=NULL, - *buffer_2=NULL, - *a_buf=NULL, - *b_buf=NULL; + BIGNUM *tmp_1=NULL, *tmp_2=NULL; + unsigned char *buffer_1=NULL, *buffer_2=NULL, + *a_buf=NULL, *b_buf=NULL; size_t len_1, len_2; unsigned char char_zero = 0; + if (!group || !curve || !curve->a || !curve->b) + return 0; + if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); goto err; } - if (curve == NULL) - { - if ((ret = X9_62_CURVE_new()) == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - } - else - { - ret = curve; - if (ret->a) - ASN1_OCTET_STRING_free(ret->a); - if (ret->b) - ASN1_OCTET_STRING_free(ret->b); - if (ret->seed) - ASN1_BIT_STRING_free(ret->seed); - } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); /* get a and b */ @@ -572,14 +513,8 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } /* set a and b */ - if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || - (ret->b = M_ASN1_OCTET_STRING_new()) == NULL ) - { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!M_ASN1_OCTET_STRING_set(ret->a, a_buf, len_1) || - !M_ASN1_OCTET_STRING_set(ret->b, b_buf, len_2)) + if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || + !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); goto err; @@ -588,8 +523,13 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, /* set the seed (optional) */ if (group->seed) { - if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err; - if (!ASN1_BIT_STRING_set(ret->seed, group->seed, + if (!curve->seed) + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_BIT_STRING_set(curve->seed, group->seed, (int)group->seed_len)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); @@ -597,17 +537,17 @@ static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, } } else - ret->seed = NULL; + { + if (curve->seed) + { + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + } + } ok = 1; -err : if (!ok) - { - if (ret && !curve) - X9_62_CURVE_free(ret); - ret = NULL; - } - if (buffer_1) +err: if (buffer_1) OPENSSL_free(buffer_1); if (buffer_2) OPENSSL_free(buffer_2); @@ -615,7 +555,7 @@ err : if (!ok) BN_free(tmp_1); if (tmp_2) BN_free(tmp_2); - return(ret); + return(ok); } static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, @@ -651,16 +591,14 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, ret->version = (long)0x1; /* set the fieldID */ - ret->fieldID = ec_asn1_group2field(group, ret->fieldID); - if (ret->fieldID == NULL) + if (!ec_asn1_group2fieldid(group, ret->fieldID)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; } /* set the curve */ - ret->curve = ec_asn1_group2curve(group, ret->curve); - if (ret->curve == NULL) + if (!ec_asn1_group2curve(group, ret->curve)) { ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); goto err; @@ -803,12 +741,9 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) EC_GROUP *ret = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point=NULL; - X9_62_CHARACTERISTIC_TWO *char_two = NULL; - X9_62_PENTANOMIAL *penta = NULL; - unsigned char *pp; if (!params->fieldID || !params->fieldID->fieldType || - !params->fieldID->parameters) + !params->fieldID->p.ptr) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -840,72 +775,46 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if (tmp == NID_X9_62_characteristic_two_field) { - ASN1_TYPE *parameters = params->fieldID->parameters; + X9_62_CHARACTERISTIC_TWO *char_two; - if (parameters->type != V_ASN1_SEQUENCE) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); - goto err; - } + char_two = params->fieldID->p.char_two; if ((p = BN_new()) == NULL) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); goto err; } - /* extract the X9_62_CHARACTERISTIC_TWO object */ - pp = M_ASN1_STRING_data(parameters->value.sequence); - char_two = d2i_X9_62_CHARACTERISTIC_TWO(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length(parameters->value.sequence)); - if (char_two == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } /* get the base type */ - tmp = OBJ_obj2nid(char_two->basis); + tmp = OBJ_obj2nid(char_two->type); if (tmp == NID_X9_62_tpBasis) { long tmp_long; - if (char_two->parameters->type != V_ASN1_INTEGER || - char_two->parameters->value.integer == NULL) + if (!char_two->p.tpBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - tmp_long = ASN1_INTEGER_get(char_two->parameters->value.integer); + tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); /* create the polynomial */ - if (!BN_set_bit(p, (int)char_two->m)) goto err; - if (!BN_set_bit(p, (int)tmp_long)) goto err; - if (!BN_set_bit(p, 0)) goto err; + if (!BN_set_bit(p, (int)char_two->m)) + goto err; + if (!BN_set_bit(p, (int)tmp_long)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; } else if (tmp == NID_X9_62_ppBasis) { - if (char_two->parameters->type != V_ASN1_SEQUENCE || - char_two->parameters->value.sequence == NULL) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_ASN1_ERROR); - goto err; - } - /* extract the pentanomial data */ - pp = M_ASN1_STRING_data( - char_two->parameters->value.sequence); - penta = d2i_X9_62_PENTANOMIAL(NULL, - (const unsigned char **) &pp, - M_ASN1_STRING_length( - char_two->parameters->value.sequence)); - if (penta == NULL) + X9_62_PENTANOMIAL *penta; + + penta = char_two->p.ppBasis; + if (!penta) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - ERR_R_ASN1_LIB); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } /* create the polynomial */ @@ -917,8 +826,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) } else if (tmp == NID_X9_62_onBasis) { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, - EC_R_NOT_IMPLEMENTED); + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); goto err; } else /* error */ @@ -939,13 +847,12 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) { /* we have a curve over a prime field */ /* extract the prime number */ - if (params->fieldID->parameters->type != V_ASN1_INTEGER || - !params->fieldID->parameters->value.integer) + if (!params->fieldID->p.prime) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; } - p = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL); + p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); if (p == NULL) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); @@ -1042,10 +949,6 @@ err: if (!ok) BN_free(b); if (point) EC_POINT_free(point); - if (char_two) - X9_62_CHARACTERISTIC_TWO_free(char_two); - if (penta) - X9_62_PENTANOMIAL_free(penta); return(ret); } @@ -1217,6 +1120,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->publicKey) { + const unsigned char *pub_oct; + size_t pub_oct_len; + if (ret->pub_key) EC_POINT_clear_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); @@ -1225,9 +1131,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; } + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, - M_ASN1_STRING_data(priv_key->publicKey), - M_ASN1_STRING_length(priv_key->publicKey), NULL)) + pub_oct, pub_oct_len, NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; @@ -1368,7 +1277,6 @@ int i2d_ECParameters(EC_KEY *a, unsigned char **out) EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) { - EC_GROUP *group; EC_KEY *ret; if (in == NULL || *in == NULL) @@ -1377,14 +1285,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return NULL; } - group = d2i_ECPKParameters(NULL, in, len); - - if (group == NULL) - { - ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); - return NULL; - } - if (a == NULL || *a == NULL) { if ((ret = EC_KEY_new()) == NULL) @@ -1398,11 +1298,12 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) else ret = *a; - if (ret->group) - EC_GROUP_clear_free(ret->group); + if (!d2i_ECPKParameters(&ret->group, in, len)) + { + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + return NULL; + } - ret->group = group; - return ret; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 0b9b7ca7c7..9bd743c10f 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -981,6 +981,31 @@ static const EC_CURVE_DATA _EC_WTLS_1 = { "113 bit binary curve from the WTLS standard" }; +/* IPSec curves */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + "0800000000000000000000004000000000000001", + "0", + "07338f", + "7b", + "1c8", + "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, + NULL, 0, + "IPSec/IKE/Oakley curve #3 over a 155 bit binary field" + }; + +static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { + NID_X9_62_characteristic_two_field, + "020000000000000000000000000000200000000000000001", + "0", + "1ee9", + "18", + "0d", + "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, + NULL, 0, + "IPSec/IKE/Oakley curve #4 over a 185 bit binary field" + }; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -1061,6 +1086,9 @@ static const ec_list_element curve_list[] = { { NID_wap_wsg_idm_ecid_wtls10, &_EC_SECG_CHAR2_233K1}, { NID_wap_wsg_idm_ecid_wtls11, &_EC_SECG_CHAR2_233R1}, { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, + /* IPSec curves */ + { NID_ipsec3, &_EC_IPSEC_155_ID3}, + { NID_ipsec4, &_EC_IPSEC_185_ID4}, }; static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index c00875cd73..b3ef05659a 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -470,6 +470,81 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) } +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) + { + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types*/ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present) */ + if (EC_GROUP_get_nid(a) && EC_GROUP_get_nid(b) && + EC_GROUP_get_nid(a) == EC_GROUP_get_nid(b)) + return 0; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + a1 = BN_CTX_get(ctx); + a2 = BN_CTX_get(ctx); + a3 = BN_CTX_get(ctx); + b1 = BN_CTX_get(ctx); + b2 = BN_CTX_get(ctx); + b3 = BN_CTX_get(ctx); + if (!b3) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + + /* XXX This approach assumes that the external representation + * of curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b2) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) + { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; + } + + /* this has 'package' visibility */ int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index c71a69ac0d..236b66c18a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -307,12 +307,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) * (thus the boundaries should be increased) */ #define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) + ((size_t) \ + ((b) >= 2000 ? 6 : \ + (b) >= 800 ? 5 : \ + (b) >= 300 ? 4 : \ + (b) >= 70 ? 3 : \ + (b) >= 20 ? 2 : \ + 1)) /* Compute * \sum scalars[i]*points[i], diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index e0b28c1cfa..d454c12fd3 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -119,7 +119,8 @@ int ec_GFp_recp_group_init(EC_GROUP *group) return ok; } - +/* Avoid "redundant redeclaration" warnings */ +#if 0 int ec_GFp_recp_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* TODO */ @@ -142,3 +143,4 @@ int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, con int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); /* TODO */ +#endif diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e91c8fffb3..9b32f55be8 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -104,8 +104,12 @@ void prime_field_tests(void); void char2_field_tests(void); void internal_curve_test(void); +#define TIMING_BASE_PT 0 +#define TIMING_RAND_PT 1 +#define TIMING_SIMUL 2 + #if 0 -static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +static void timings(EC_GROUP *group, int type, BN_CTX *ctx) { clock_t clck; int i, j; @@ -129,7 +133,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { if ((r[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; - if (multi) + if (type != TIMING_BASE_PT) { if ((r0[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; @@ -141,13 +145,14 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { for (j = 0; j < 10; j++) { - if (!EC_POINT_mul(group, P, r[i], multi ? P : NULL, multi ? r0[i] : NULL, ctx)) ABORT; + if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, + (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; } } - fprintf(stdout, "\n"); - clck = clock() - clck; + fprintf(stdout, "\n"); + #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned * by the clock function should be divided by the value @@ -161,9 +166,16 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) # define CLOCKS_PER_SEC 1 #endif - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, - multi ? "s*P+t*Q operations" : "point multiplications", - (double)clck/CLOCKS_PER_SEC); + if (type == TIMING_BASE_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "base point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_RAND_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "random point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_SIMUL) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); + } fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); EC_POINT_free(P); @@ -171,7 +183,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) for (i = 0; i < 10; i++) { BN_free(r[i]); - if (multi) BN_free(r0[i]); + if (type != TIMING_BASE_PT) BN_free(r0[i]); } } #endif @@ -181,7 +193,7 @@ void prime_field_tests() BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; - EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; BIGNUM *x, *y, *z; unsigned char buf[100]; @@ -332,6 +344,52 @@ void prime_field_tests() if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) + * -- not a NIST curve, but commonly used */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (0 != BN_cmp(y, z)) ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) ABORT; + fprintf(stdout, " ok\n"); + + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, z, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, " ok\n"); + + if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; + if (!EC_GROUP_copy(P_160, group)) ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; @@ -637,16 +695,24 @@ void prime_field_tests() #if 0 - timings(P_192, 0, ctx); - timings(P_192, 1, ctx); - timings(P_224, 0, ctx); - timings(P_224, 1, ctx); - timings(P_256, 0, ctx); - timings(P_256, 1, ctx); - timings(P_384, 0, ctx); - timings(P_384, 1, ctx); - timings(P_521, 0, ctx); - timings(P_521, 1, ctx); + timings(P_160, TIMING_BASE_PT, ctx); + timings(P_160, TIMING_RAND_PT, ctx); + timings(P_160, TIMING_SIMUL, ctx); + timings(P_192, TIMING_BASE_PT, ctx); + timings(P_192, TIMING_RAND_PT, ctx); + timings(P_192, TIMING_SIMUL, ctx); + timings(P_224, TIMING_BASE_PT, ctx); + timings(P_224, TIMING_RAND_PT, ctx); + timings(P_224, TIMING_SIMUL, ctx); + timings(P_256, TIMING_BASE_PT, ctx); + timings(P_256, TIMING_RAND_PT, ctx); + timings(P_256, TIMING_SIMUL, ctx); + timings(P_384, TIMING_BASE_PT, ctx); + timings(P_384, TIMING_RAND_PT, ctx); + timings(P_384, TIMING_SIMUL, ctx); + timings(P_521, TIMING_BASE_PT, ctx); + timings(P_521, TIMING_RAND_PT, ctx); + timings(P_521, TIMING_SIMUL, ctx); #endif @@ -659,6 +725,7 @@ void prime_field_tests() EC_POINT_free(R); BN_free(x); BN_free(y); BN_free(z); + if (P_160) EC_GROUP_free(P_160); if (P_192) EC_GROUP_free(P_192); if (P_224) EC_GROUP_free(P_224); if (P_256) EC_GROUP_free(P_256); @@ -1103,26 +1170,36 @@ void char2_field_tests() #if 0 - timings(C2_K163, 0, ctx); - timings(C2_K163, 1, ctx); - timings(C2_B163, 0, ctx); - timings(C2_B163, 1, ctx); - timings(C2_K233, 0, ctx); - timings(C2_K233, 1, ctx); - timings(C2_B233, 0, ctx); - timings(C2_B233, 1, ctx); - timings(C2_K283, 0, ctx); - timings(C2_K283, 1, ctx); - timings(C2_B283, 0, ctx); - timings(C2_B283, 1, ctx); - timings(C2_K409, 0, ctx); - timings(C2_K409, 1, ctx); - timings(C2_B409, 0, ctx); - timings(C2_B409, 1, ctx); - timings(C2_K571, 0, ctx); - timings(C2_K571, 1, ctx); - timings(C2_B571, 0, ctx); - timings(C2_B571, 1, ctx); + timings(C2_K163, TIMING_BASE_PT, ctx); + timings(C2_K163, TIMING_RAND_PT, ctx); + timings(C2_K163, TIMING_SIMUL, ctx); + timings(C2_B163, TIMING_BASE_PT, ctx); + timings(C2_B163, TIMING_RAND_PT, ctx); + timings(C2_B163, TIMING_SIMUL, ctx); + timings(C2_K233, TIMING_BASE_PT, ctx); + timings(C2_K233, TIMING_RAND_PT, ctx); + timings(C2_K233, TIMING_SIMUL, ctx); + timings(C2_B233, TIMING_BASE_PT, ctx); + timings(C2_B233, TIMING_RAND_PT, ctx); + timings(C2_B233, TIMING_SIMUL, ctx); + timings(C2_K283, TIMING_BASE_PT, ctx); + timings(C2_K283, TIMING_RAND_PT, ctx); + timings(C2_K283, TIMING_SIMUL, ctx); + timings(C2_B283, TIMING_BASE_PT, ctx); + timings(C2_B283, TIMING_RAND_PT, ctx); + timings(C2_B283, TIMING_SIMUL, ctx); + timings(C2_K409, TIMING_BASE_PT, ctx); + timings(C2_K409, TIMING_RAND_PT, ctx); + timings(C2_K409, TIMING_SIMUL, ctx); + timings(C2_B409, TIMING_BASE_PT, ctx); + timings(C2_B409, TIMING_RAND_PT, ctx); + timings(C2_B409, TIMING_SIMUL, ctx); + timings(C2_K571, TIMING_BASE_PT, ctx); + timings(C2_K571, TIMING_RAND_PT, ctx); + timings(C2_K571, TIMING_SIMUL, ctx); + timings(C2_B571, TIMING_BASE_PT, ctx); + timings(C2_B571, TIMING_RAND_PT, ctx); + timings(C2_B571, TIMING_SIMUL, ctx); #endif diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index 8a0e43852a..ff46ca041d 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -89,29 +89,37 @@ ech_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ech_err.o: ../../include/openssl/symhacks.h ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_key.o: ech_key.c +ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_key.o: ../../include/openssl/x509_vfy.h ecdh.h ech_key.c ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_lib.o: ech_lib.c +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ecdh.h ech_lib.c ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b3cff5ad90..c7633bac7f 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -109,7 +109,8 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, buflen, len; + int ret= -1; + size_t buflen, len; unsigned char *buf=NULL; if (outlen > INT_MAX) @@ -172,7 +173,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E } memset(buf, 0, buflen - len); - if (len != BN_bn2bin(x, buf + buflen - len)) + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl index 3bdc55efb5..935ea7a44f 100644 --- a/crypto/ecdsa/Makefile.ssl +++ b/crypto/ecdsa/Makefile.ssl @@ -97,17 +97,21 @@ ecs_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_err.o: ../../include/openssl/symhacks.h ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_lib.o: ecs_lib.c +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_lib.c ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -117,26 +121,34 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecdsa.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_sign.o: ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_sign.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_vrf.o: ecs_vrf.c +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_vrf.c diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 7beae6f739..d58e9a63f0 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -124,7 +124,7 @@ int change_rand(void) fake_rand.status = old_rand->status; /* use own random function */ fake_rand.bytes = fbytes; - fake_rand.pseudorand = fbytes; + fake_rand.pseudorand = old_rand->bytes; /* set new RAND_METHOD */ if (!RAND_set_rand_method(&fake_rand)) return 0; @@ -328,7 +328,11 @@ int test_builtin(BIO *out) /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { + unsigned char dirt, offset; + nid = curves[n].nid; + if (nid == NID_ipsec4) + continue; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) goto builtin_err; @@ -406,9 +410,10 @@ int test_builtin(BIO *out) } BIO_printf(out, "."); BIO_flush(out); - /* modify signature */ - signature[((int)signature[0])%sig_len] ^= - signature[((int)signature[1])%sig_len]; + /* modify a single byte of the signature */ + offset = signature[10] % sig_len; + dirt = signature[11]; + signature[offset] ^= dirt ? dirt : 1; if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 6b99263724..86f5d55c54 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -25,11 +25,13 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o SRC= $(LIBSRC) @@ -53,7 +55,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -86,17 +88,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_all.o: eng_all.c eng_int.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -104,27 +110,34 @@ eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c +eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_cryptodev.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h -eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cryptodev.o: ../../include/openssl/ui.h eng_cryptodev.c +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cryptodev.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/store.h +eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cryptodev.o: eng_cryptodev.c eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -132,12 +145,16 @@ eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_ctrl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_ctrl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h +eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_ctrl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_ctrl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -145,24 +162,32 @@ eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h eng_dyn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_dyn.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_dyn.o: ../../include/openssl/ui.h ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_err.o: eng_err.c +eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -170,12 +195,16 @@ eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_fat.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_fat.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_fat.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_fat.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -183,12 +212,16 @@ eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_init.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_init.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_init.o: ../cryptlib.h eng_init.c eng_int.h +eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_init.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -196,11 +229,15 @@ eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -209,12 +246,16 @@ eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_list.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_list.o: ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_list.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -232,9 +273,9 @@ eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_openssl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -242,130 +283,176 @@ eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_pkey.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_pkey.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_table.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_table.o: eng_int.h eng_table.c +eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_table.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_table.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_table.o: ../../include/openssl/x509_vfy.h eng_int.h eng_table.c tb_cipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_cipher.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_cipher.o: eng_int.h tb_cipher.c +tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_cipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_cipher.o: ../../include/openssl/x509_vfy.h eng_int.h tb_cipher.c tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/ui.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dh.c tb_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_digest.o: eng_int.h tb_digest.c +tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_digest.o: ../../include/openssl/x509_vfy.h eng_int.h tb_digest.c tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/ui.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dsa.c tb_ecdh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_ecdh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../../include/openssl/ui.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_ecdsa.o: eng_int.h tb_ecdsa.c +tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_ecdsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdsa.c tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/ui.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rand.c tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/ui.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rsa.c +tb_store.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_store.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_store.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_store.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_store.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_store.o: ../../include/openssl/x509_vfy.h eng_int.h tb_store.c diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index b32be08c8e..65f20726b8 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -12,9 +12,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -33,7 +30,8 @@ #include <openssl/engine.h> #include <openssl/evp.h> -#if (defined(__unix__) || defined(unix)) && !defined(USG) +#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ + (defined(OpenBSD) || defined(__FreeBSD_version)) #include <sys/param.h> # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -874,7 +872,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - printf("bar\n"); memset(&kop, 0, sizeof kop); kop.crk_op = CRK_DSA_SIGN; @@ -1054,14 +1051,17 @@ ENGINE_load_cryptodev(void) if (engine == NULL) return; - if ((fd = get_dev_crypto()) < 0) + if ((fd = get_dev_crypto()) < 0) { + ENGINE_free(engine); return; + } /* * find out what asymmetric crypto algorithms we support */ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { close(fd); + ENGINE_free(engine); return; } close(fd); diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index ad3858395b..1a808bec41 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -160,15 +160,19 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: return strlen(e->cmd_defns[idx].cmd_name); case ENGINE_CTRL_GET_NAME_FROM_CMD: - return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); + return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, + "%s", e->cmd_defns[idx].cmd_name); case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: if(e->cmd_defns[idx].cmd_desc) return strlen(e->cmd_defns[idx].cmd_desc); return strlen(int_no_description); case ENGINE_CTRL_GET_DESC_FROM_CMD: if(e->cmd_defns[idx].cmd_desc) - return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); - return sprintf(s, "%s", int_no_description); + return BIO_snprintf(s, + strlen(e->cmd_defns[idx].cmd_desc) + 1, + "%s", e->cmd_defns[idx].cmd_desc); + return BIO_snprintf(s, strlen(int_no_description) + 1,"%s", + int_no_description); case ENGINE_CTRL_GET_CMD_FLAGS: return e->cmd_defns[idx].cmd_flags; } @@ -177,7 +181,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) return -1; } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if(e == NULL) @@ -247,7 +251,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) } int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) + long i, void *p, void (*f)(void), int cmd_optional) { int num; diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 61ae230570..3cb46856cc 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -70,7 +70,7 @@ /* Our ENGINE handlers */ static int dynamic_init(ENGINE *e); static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Predeclare our context type */ typedef struct st_dynamic_data_ctx dynamic_data_ctx; /* The implementation for the important control command */ @@ -316,7 +316,7 @@ static int dynamic_finish(ENGINE *e) return 0; } -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); int initialised; diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index a5ffbec94c..1539ea039f 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -124,14 +124,14 @@ static int int_def_cb(const char *alg, int len, void *arg) } -int ENGINE_set_default_string(ENGINE *e, const char *list) +int ENGINE_set_default_string(ENGINE *e, const char *def_list) { unsigned int flags = 0; - if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) + if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, ENGINE_R_INVALID_STRING); - ERR_add_error_data(2, "str=",list); + ERR_add_error_data(2, "str=",def_list); return 0; } return ENGINE_set_default(e, flags); diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 2c82861ebb..395c7fff1a 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -154,6 +154,7 @@ struct engine_st const ECDH_METHOD *ecdh_meth; const ECDSA_METHOD *ecdsa_meth; const RAND_METHOD *rand_meth; + const STORE_METHOD *store_meth; /* Cipher handling is via this callback */ ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 999061a8ed..66ab06de74 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -92,6 +92,7 @@ void engine_set_all_null(ENGINE *e) e->dsa_meth = NULL; e->dh_meth = NULL; e->rand_meth = NULL; + e->store_meth = NULL; e->ciphers = NULL; e->digests = NULL; e->destroy = NULL; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 55b646da24..f94d593b06 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->ecdsa_meth = src->ecdsa_meth; #endif dest->rand_meth = src->rand_meth; + dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; dest->destroy = src->destroy; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index d4d08d9629..bcbec5162c 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -88,6 +88,7 @@ #include <openssl/ecdsa.h> #endif #include <openssl/rand.h> +#include <openssl/store.h> #include <openssl/ui.h> #include <openssl/symhacks.h> #include <openssl/err.h> @@ -123,6 +124,7 @@ typedef void ECDSA_METHOD; #define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -192,9 +194,15 @@ typedef void ECDSA_METHOD; handles/connections etc. */ #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -241,7 +249,7 @@ typedef void ECDSA_METHOD; /* ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 +#define ENGINE_CMD_BASE 200 /* NB: These 2 nCipher "chil" control commands are deprecated, and their * functionality is now available through ENGINE-specific control commands @@ -375,6 +383,10 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -451,6 +463,7 @@ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -485,6 +498,7 @@ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -549,7 +563,7 @@ ENGINE *ENGINE_get_digest_engine(int nid); * structure will have had its reference count up'd so the caller * should still free their own reference 'e'. */ int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *list); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); int ENGINE_set_default_ECDH(ENGINE *e); @@ -576,10 +590,10 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index 69ee692cfb..a95f54f7f6 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -100,10 +100,10 @@ err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c +err_all.o: ../../include/openssl/stack.h ../../include/openssl/store.h +err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/err/err.c b/crypto/err/err.c index 05437764c8..9540394e3a 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -231,6 +231,7 @@ struct st_ERR_FNS ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the "thread_hash" error-state table */ LHASH *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH **hash); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); @@ -245,6 +246,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); static LHASH *int_thread_get(int create); +static void int_thread_release(LHASH **hash); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); @@ -258,6 +260,7 @@ static const ERR_FNS err_defaults = int_err_set_item, int_err_del_item, int_thread_get, + int_thread_release, int_thread_get_item, int_thread_set_item, int_thread_del_item, @@ -277,6 +280,7 @@ static const ERR_FNS *err_fns = NULL; * and state in the loading application. */ static LHASH *int_error_hash = NULL; static LHASH *int_thread_hash = NULL; +static int int_thread_hash_references = 0; static int int_err_library_number= ERR_LIB_USER; /* Internal function that checks whether "err_fns" is set and if not, sets it to @@ -423,11 +427,37 @@ static LHASH *int_thread_get(int create) CRYPTO_pop_info(); } if (int_thread_hash) + { + int_thread_hash_references++; ret = int_thread_hash; + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; } +static void int_thread_release(LHASH **hash) + { + int i; + + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + +#ifdef REF_PRINT + fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"int_thread_release, bad reference count\n"); + abort(); /* ok */ + } +#endif + *hash = NULL; + } + static ERR_STATE *int_thread_get_item(const ERR_STATE *d) { ERR_STATE *p; @@ -442,6 +472,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d) p = (ERR_STATE *)lh_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -459,6 +490,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d) p = (ERR_STATE *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -475,13 +507,15 @@ static void int_thread_del_item(const ERR_STATE *d) CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STATE *)lh_delete(hash, d); /* make sure we don't leak memory */ - if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) + if (int_thread_hash_references == 1 + && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { lh_free(int_thread_hash); int_thread_hash = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); if (p) ERR_STATE_free(p); } @@ -553,13 +587,32 @@ static void build_SYS_str_reasons() #endif #define err_clear_data(p,i) \ + do { \ if (((p)->err_data[i] != NULL) && \ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ { \ OPENSSL_free((p)->err_data[i]); \ (p)->err_data[i]=NULL; \ } \ - (p)->err_data_flags[i]=0; + (p)->err_data_flags[i]=0; \ + } while(0) + +#ifdef OPENSSL_SYS_VMS +#define err_clear_file(p,i) \ + free((char *)p->err_file[i]); +#else +#define err_clear_file(p,i) +#endif + +#define err_clear(p,i) \ + do { \ + es->err_flags[i]=0; \ + es->err_buffer[i]=0; \ + err_clear_data(p,i); \ + err_clear_file(p,i); \ + es->err_file[i]=NULL; \ + es->err_line[i]= -1; \ + } while(0) static void ERR_STATE_free(ERR_STATE *s) { @@ -650,6 +703,7 @@ void ERR_put_error(int lib, int func, int reason, const char *file, es->top=(es->top+1)%ERR_NUM_ERRORS; if (es->top == es->bottom) es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; + es->err_flags[es->top]=0; es->err_buffer[es->top]=ERR_PACK(lib,func,reason); #ifdef OPENSSL_SYS_VMS extract_progname ((char *)file, (char **)&es->err_file[es->top]); @@ -669,13 +723,7 @@ void ERR_clear_error(void) for (i=0; i<ERR_NUM_ERRORS; i++) { - es->err_buffer[i]=0; - err_clear_data(es,i); -#ifdef OPENSSL_SYS_VMS - free((char *)es->err_file[i]); -#endif - es->err_file[i]=NULL; - es->err_line[i]= -1; + err_clear(es,i); } es->top=es->bottom=0; } @@ -858,6 +906,12 @@ LHASH *ERR_get_err_state_table(void) return ERRFN(thread_get)(0); } +void ERR_release_err_state_table(LHASH **hash) + { + err_fns_check(); + ERRFN(thread_release)(hash); + } + const char *ERR_lib_error_string(unsigned long e) { ERR_STRING_DATA d,*p; @@ -1038,7 +1092,7 @@ void ERR_add_error_data(int num, ...) else str=p; } - strcat(str,a); + BUF_strlcat(str,a,s+1); } } ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); @@ -1047,6 +1101,36 @@ err: va_end(args); } +int ERR_set_mark(void) + { + ERR_STATE *es; + + es=ERR_get_state(); + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]|=ERR_FLAG_MARK; + return 1; + } + +int ERR_pop_to_mark(void) + { + ERR_STATE *es; + + es=ERR_get_state(); + + while(es->bottom != es->top + && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) + { + err_clear(es,es->top); + es->top-=1; + if (es->top == -1) es->top=ERR_NUM_ERRORS; + } + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]&=~ERR_FLAG_MARK; + return 1; + } + #ifdef OPENSSL_SYS_VMS #pragma nostandard #include <stdlib.h> diff --git a/crypto/err/err.h b/crypto/err/err.h index 95658addf9..d893f60bb7 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -88,10 +88,13 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 +#define ERR_FLAG_MARK 0x01 + #define ERR_NUM_ERRORS 16 typedef struct err_state_st { unsigned long pid; + int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; @@ -135,6 +138,7 @@ typedef struct err_state_st #define ERR_LIB_COMP 41 #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 #define ERR_LIB_USER 128 @@ -165,6 +169,7 @@ typedef struct err_state_st #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -219,6 +224,7 @@ typedef struct err_state_st #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 @@ -287,10 +293,14 @@ ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH LHASH *ERR_get_string_table(void); LHASH *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH **hash); #endif int ERR_get_next_error_library(void); +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + /* This opaque type encapsulates the low-level error-state functions */ typedef struct st_ERR_FNS ERR_FNS; /* An application can use this function and provide the return value to loaded diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 3ac40512d2..64200fceba 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -27,8 +27,10 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 0f82cf78df..0f9fd4b3db 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -67,7 +67,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) cp $(TESTDATA) ../../test @@ -149,10 +149,12 @@ c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -193,10 +195,12 @@ digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -digest.o: ../cryptlib.h digest.c +digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -321,18 +325,13 @@ encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -evp_acnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_acnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -evp_acnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_acnf.o: ../cryptlib.h evp_acnf.c +evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -343,10 +342,13 @@ evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/ui.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/store.h +evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h evp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 33349c2f98..fa5cbc7eb1 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; - OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); + OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 530ab937ce..4e3f10141b 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -102,7 +102,7 @@ *) digest is initialized with random seed instead of standardized one. - *) same seed is written to ouput + *) same seed is written to output *) well-known text is then hashed and the output of the digest is also written to output. diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 879d84ae79..fa60a73ead 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,7 +59,9 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #if 0 #undef OpenSSL_add_all_algorithms diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 3932f60e59..d37726ffae 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -168,16 +168,17 @@ static int rc2_magic_to_meth(int i) static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { long num=0; - int i=0,l; + int i=0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof iv); + OPENSSL_assert(l <= sizeof(iv)); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) + if (i != (int)l) return(-1); key_bits =rc2_magic_to_meth((int)num); if (!key_bits) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 08209357ce..32744ca686 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,7 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; - OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < sizeof ctx->enc_data); + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index be0758a879..cecb09cbe7 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -148,7 +148,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #endif ctx->cipher=cipher; - ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (ctx->cipher->ctx_size) + { + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) + { + EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + { + ctx->cipher_data = NULL; + } ctx->key_len = cipher->key_len; ctx->flags = 0; if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) @@ -187,7 +199,8 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -274,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; - OPENSSL_assert(bl <= sizeof ctx->buf); + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { if (i+inl < bl) @@ -320,7 +333,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n,b,bl,ret; + int n,ret; + unsigned int i, b, bl; b=ctx->cipher->block_size; OPENSSL_assert(b <= sizeof ctx->buf); @@ -356,7 +370,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int b, fix_len; + int fix_len; + unsigned int b; if (inl == 0) { @@ -409,8 +424,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,b; - int n; + int i,n; + unsigned int b; *outl=0; b=ctx->cipher->block_size; @@ -433,7 +448,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; - if (n > b) + if (n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 52a3b287be..c97cb9cea6 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -85,14 +85,15 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,l; + int i=0; + unsigned int l; if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof c->iv); + OPENSSL_assert(l <= sizeof(c->iv)); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) + if (i != (int)l) return(-1); else if (i > 0) memcpy(c->iv,c->oiv,l); @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { - int i=0,j; + int i=0; + unsigned int j; if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof c->iv); + OPENSSL_assert(j <= sizeof(c->iv)); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 0da88fdcff..91e545a141 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, if (i == -1) { char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) strcpy (obj_tmp, "NULL"); + if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index a97b1f87da..a08eb43a64 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -80,14 +80,15 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; + ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; + const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; - ASN1_INTEGER *privkey; BN_CTX *ctx = NULL; int plen; #endif @@ -221,11 +222,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto ecerr; - } + p_tmp = p; + /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && @@ -269,35 +267,40 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) } /* We have parameters now set private key */ - if (!(eckey->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); - goto ecerr; - } - /* Calculate public key */ - if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_copy(eckey->pub_key, - EC_GROUP_get0_generator(eckey->group))) + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } - if (!EC_POINT_mul(eckey->group, eckey->pub_key, - eckey->priv_key, NULL, NULL, ctx)) + + /* calculate public key (if necessary) */ + if (!eckey->pub_key) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + eckey->pub_key = EC_POINT_new(eckey->group); + if (!eckey->pub_key) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(eckey->pub_key, + EC_GROUP_get0_generator(eckey->group))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_mul(eckey->group, eckey->pub_key, + eckey->priv_key, NULL, NULL, ctx)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); - if (privkey) - ASN1_INTEGER_free(privkey); break; ecerr: if (ctx) @@ -310,7 +313,7 @@ ecerr: #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - if (!a->algorithm) strcpy (obj_tmp, "NULL"); + if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); @@ -524,9 +527,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *eckey; - ASN1_INTEGER *prkey = NULL; unsigned char *p, *pp; - int nid; + int nid, i, ret = 0; + unsigned int tmp_flags; if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL) { @@ -564,7 +567,6 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } else /* explicit parameters */ { - int i; if ((i = i2d_ECParameters(eckey, NULL)) == 0) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); @@ -595,35 +597,58 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } /* set the private key */ - if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) - == NULL) + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + tmp_flags = pkey->pkey.eckey->enc_flag; + pkey->pkey.eckey->enc_flag |= EC_PKEY_NO_PARAMETERS; + i = i2d_ECPrivateKey(pkey->pkey.eckey, NULL); + if (!i) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); + return 0; + } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); return 0; } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.eckey, &pp)) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + pkey->pkey.eckey->enc_flag = tmp_flags; switch(p8->broken) { case PKCS8_OK: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(prkey); - return 0; } - - ASN1_INTEGER_free(prkey); - + else + ret = 1; break; case PKCS8_NO_OCTET: /* RSA specific */ case PKCS8_NS_DB: /* DSA specific */ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ default: EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; - } - return 1; + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; } #endif diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index a1874e83b2..39306f4564 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index b161d7664a..dca0514867 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -149,7 +149,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int en_de) { unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; @@ -208,7 +209,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 730ef4d0a9..d6d7234cd5 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -234,6 +234,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) return(1); } #endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + if (EC_GROUP_cmp(a->pkey.eckey->group, b->pkey.eckey->group, NULL)) + return 0; + else + return 1; + } +#endif return(-1); } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5b2e345c27..f68cf84525 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -287,7 +287,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do * any locking. */ -static void def_cleanup_cb(const void *a_void) +static void def_cleanup_cb(void *a_void) { EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index f86d5678a3..1bb70bd057 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 4c91f919d5..f7392a0dae 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -79,7 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); - OPENSSL_assert(j <= sizeof ctx->key); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -89,7 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { - OPENSSL_assert(len <= sizeof ctx->key); + OPENSSL_assert(len <= (int)sizeof(ctx->key)); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/crypto/idea/Makefile.ssl b/crypto/idea/Makefile.ssl index ca4b76fc2f..fa016ea399 100644 --- a/crypto/idea/Makefile.ssl +++ b/crypto/idea/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/idea/idea_spd.c b/crypto/idea/idea_spd.c index 48ffaff520..699353e871 100644 --- a/crypto/idea/idea_spd.c +++ b/crypto/idea/idea_spd.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index 98f805d72a..e6ffc7025e 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -169,6 +169,9 @@ int main(int argc, char *argv[]) else printf("ok\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/krb5/Makefile.ssl b/crypto/krb5/Makefile.ssl index 7136d7a402..d9224c0f09 100644 --- a/crypto/krb5/Makefile.ssl +++ b/crypto/krb5/Makefile.ssl @@ -48,7 +48,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile ; + @sh $(TOP)/util/point.sh Makefile.ssl Makefile ; @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/lhash/Makefile.ssl b/crypto/lhash/Makefile.ssl index 1902e4a899..60e7ee3393 100644 --- a/crypto/lhash/Makefile.ssl +++ b/crypto/lhash/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 0a16fcf27d..9856c26d43 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -176,7 +176,7 @@ void lh_free(LHASH *lh) OPENSSL_free(lh); } -void *lh_insert(LHASH *lh, const void *data) +void *lh_insert(LHASH *lh, void *data) { unsigned long hash; LHASH_NODE *nn,**rn; diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 7c1d486425..d392d0cd80 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -78,7 +78,7 @@ extern "C" { typedef struct lhash_node_st { - const void *data; + void *data; struct lhash_node_st *next; #ifndef OPENSSL_NO_HASH_COMP unsigned long hash; @@ -87,8 +87,8 @@ typedef struct lhash_node_st typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. * This way, callbacks can be provided to LHASH structures without function @@ -118,18 +118,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); /* Third: "doall" functions */ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *); + void f_name##_LHASH_DOALL(void *); #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *arg) { \ + void f_name##_LHASH_DOALL(void *arg) { \ o_type a = (o_type)arg; \ f_name(a); } #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *, void *); + void f_name##_LHASH_DOALL_ARG(void *, void *); #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ o_type a = (o_type)arg1; \ a_type b = (a_type)arg2; \ f_name(a,b); } @@ -173,7 +173,7 @@ typedef struct lhash_st LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, const void *data); +void *lh_insert(LHASH *lh, void *data); void *lh_delete(LHASH *lh, const void *data); void *lh_retrieve(LHASH *lh, const void *data); void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); diff --git a/crypto/md2/Makefile.ssl b/crypto/md2/Makefile.ssl index e5b3265a44..3206924c90 100644 --- a/crypto/md2/Makefile.ssl +++ b/crypto/md2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 901d0a7d8e..13cbec4ab0 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -59,7 +59,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <openssl/md2.h> #include "../e_os.h" @@ -71,6 +70,7 @@ int main(int argc, char *argv[]) } #else #include <openssl/evp.h> +#include <openssl/md2.h> #ifdef CHARSET_EBCDIC #include <openssl/ebcdic.h> @@ -124,6 +124,9 @@ int main(int argc, char *argv[]) R++; P++; } +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 573850b122..0cdc06e31e 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -184,6 +184,8 @@ # elif defined(__MWERKS__) # if defined(__POWERPC__) # define ROTATE(a,n) __rlwinm(a,n,0,31) +# elif defined(OPENSSL_SYSNAME_NETWARE) +# define ROTATE(a,n) _lrotl(a,n) # elif defined(__MC68K__) /* Motorola specific tweak. <appro@fy.chalmers.se> */ # define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) @@ -484,7 +486,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) if ((((unsigned long)data)%4) == 0) { /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); sw*=HASH_CBLOCK; data+=sw; len-=sw; @@ -532,7 +534,7 @@ void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) if ((((unsigned long)data)%4) == 0) /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); else #if !defined(HASH_BLOCK_DATA_ORDER) { diff --git a/crypto/md4/Makefile.ssl b/crypto/md4/Makefile.ssl index 4d2d7369e6..7d2e8d8d3b 100644 --- a/crypto/md4/Makefile.ssl +++ b/crypto/md4/Makefile.ssl @@ -48,7 +48,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 56cab5d882..2361775a2d 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -6,7 +6,7 @@ DIR= md5 TOP= ../.. CC= cc CPP= $(CC) -E -INCLUDES= +INCLUDES=-I.. -I$(TOP) -I../../include CFLAG=-g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -20,6 +20,7 @@ AR= ar r MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=md5test.c @@ -83,7 +84,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index 5fc6a205ce..fa3fa3bed5 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl @@ -293,7 +293,7 @@ sub md5_block &mov(&DWP(12,$tmp2,"",0),$D); &cmp($tmp1,$X) unless $normal; # check count - &jge(&label("start")) unless $normal; + &jae(&label("start")) unless $normal; &pop("eax"); # pop the temp variable off the stack &pop("ebx"); diff --git a/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S index a599ed5660..db45aa4c97 100644 --- a/crypto/md5/asm/md5-sparcv9.S +++ b/crypto/md5/asm/md5-sparcv9.S @@ -34,10 +34,12 @@ * * or if above fails (it does if you have gas): * - * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ + * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o */ +#include <openssl/e_os2.h> + #define A %o0 #define B %o1 #define C %o2 diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index bfd62629ed..667b6be344 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -120,6 +120,10 @@ int main(int argc, char *argv[]) R++; P++; } + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/mdc2/Makefile.ssl b/crypto/mdc2/Makefile.ssl index 387d7f8cd8..33f366fb08 100644 --- a/crypto/mdc2/Makefile.ssl +++ b/crypto/mdc2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index c9abe99d92..017b31add2 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -140,6 +140,9 @@ int main(int argc, char *argv[]) printf("pad2 - ok\n"); EVP_MD_CTX_cleanup(&c); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } diff --git a/crypto/mem.c b/crypto/mem.c index acfe5c7cf3..1bb1b74450 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -265,7 +265,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; - if (num < 0) return NULL; + if (num <= 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) @@ -306,7 +306,7 @@ void *CRYPTO_malloc(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; - if (num < 0) return NULL; + if (num <= 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) @@ -337,7 +337,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num < 0) return NULL; + if (num <= 0) return NULL; if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); @@ -359,17 +359,21 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num < 0) return NULL; + if (num <= 0) return NULL; if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); if(ret) + { memcpy(ret,str,old_len); - OPENSSL_cleanse(str,old_len); - free_func(str); + OPENSSL_cleanse(str,old_len); + free_func(str); + } #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); + fprintf(stderr, + "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", + str, ret, num); #endif if (realloc_debug_func != NULL) realloc_debug_func(str, ret, num, file, line, 1); diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 57bd08f65d..e212de27e4 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) struct tm *lcl = NULL; unsigned long ti; +#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + if(m->addr == (char *)l->bio) return; @@ -604,22 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l) { lcl = localtime(&m->time); - sprintf(bufp, "[%02d:%02d:%02d] ", + BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour,lcl->tm_min,lcl->tm_sec); bufp += strlen(bufp); } - sprintf(bufp, "%5lu file=%s, line=%d, ", + BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", m->order,m->file,m->line); bufp += strlen(bufp); if (options & V_CRYPTO_MDEBUG_THREAD) { - sprintf(bufp, "thread=%lu, ", m->thread); + BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); bufp += strlen(bufp); } - sprintf(bufp, "number=%d, address=%08lX\n", + BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", m->num,(unsigned long)m->addr); bufp += strlen(bufp); @@ -641,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) ami_cnt++; memset(buf,'>',ami_cnt); - sprintf(buf + ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", amip->thread, amip->file, amip->line); buf_len=strlen(buf); @@ -653,10 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l) } else { - strcpy(buf + buf_len, amip->info); + BUF_strlcpy(buf + buf_len, amip->info, + sizeof buf - buf_len); buf_len = strlen(buf); } - sprintf(buf + buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); BIO_puts(l->bio,buf); diff --git a/crypto/o_time.c b/crypto/o_time.c index 723eb1b5af..785468131e 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(timer,result); diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl index 1f5d213495..3e7a194cf9 100644 --- a/crypto/objects/Makefile.ssl +++ b/crypto/objects/Makefile.ssl @@ -55,7 +55,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5d983e3ed4..b1108568f3 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) if (i > 2) i=2; l-=(long)(i*40); - sprintf(tbuf,"%d.%lu",i,l); + BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); i=strlen(tbuf); BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; @@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) for (; idx<len; idx++) { l|=p[idx]&0x7f; if (!(p[idx] & 0x80)) { - sprintf(tbuf,".%lu",l); + BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); i=strlen(tbuf); if (buf_len > 0) BUF_strlcpy(buf,tbuf,buf_len); @@ -556,8 +556,14 @@ static int obj_cmp(const void *ap, const void *bp) const char *OBJ_bsearch(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *)) { - int l,h,i,c; - const char *p; + return OBJ_bsearch_ex(key, base, num, size, cmp, 0); + } + +const char *OBJ_bsearch_ex(const char *key, const char *base, int num, + int size, int (*cmp)(const void *, const void *), int flags) + { + int l,h,i=0,c=0; + const char *p = NULL; if (num == 0) return(NULL); l=0; @@ -572,20 +578,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, else if (c > 0) l=i+1; else - return(p); + break; } #ifdef CHARSET_EBCDIC /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and * I don't have perl (yet), we revert to a *LINEAR* search * when the object wasn't found in the binary search. */ - for (i=0; i<num; ++i) { - p= &(base[i*size]); - if ((*cmp)(key,p) == 0) - return p; - } + if (c != 0) + { + for (i=0; i<num; ++i) + { + p= &(base[i*size]); + c = (*cmp)(key,p); + if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) + return p; + } + } #endif - return(NULL); + if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) + p = NULL; + else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) + { + while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) + i--; + p = &(base[i*size]); + } + return(p); } int OBJ_create_objects(BIO *in) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index c16ff85819..beb48b8460 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 721 -#define NUM_SN 716 -#define NUM_LN 716 -#define NUM_OBJ 690 +#define NUM_NID 726 +#define NUM_SN 721 +#define NUM_LN 721 +#define NUM_OBJ 693 -static unsigned char lvalues[4879]={ +static unsigned char lvalues[4882]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -432,7 +432,7 @@ static unsigned char lvalues[4879]={ 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x50, /* [2894] OBJ_joint_iso_ccitt */ +0x00, /* [2894] OBJ_joint_iso_ccitt */ 0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ 0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ @@ -758,6 +758,9 @@ static unsigned char lvalues[4879]={ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ 0x55,0x1D,0x1E, /* [4875] OBJ_name_constraints */ +0x00, /* [4878] OBJ_itu_t */ +0x50, /* [4879] OBJ_joint_iso_itu_t */ +0x67, /* [4880] OBJ_international_organizations */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1370,8 +1373,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, {"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2894]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, {"selected-attribute-types","Selected Attribute Types", NID_selected_attribute_types,3,&(lvalues[2895]),0}, {"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, @@ -1389,7 +1391,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2941]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2944]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, {"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, {"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, {"characteristic-two-field","characteristic-two-field", @@ -1887,6 +1889,13 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[4872]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, &(lvalues[4875]),0}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4878]),0}, +{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, + &(lvalues[4879]),0}, +{"international-organizations","International Organizations", + NID_international_organizations,1,&(lvalues[4880]),0}, +{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL}, +{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1912,7 +1921,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[110]),/* "CAST5-CFB" */ &(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[404]),/* "CCITT" */ &(nid_objs[13]),/* "CN" */ &(nid_objs[141]),/* "CRLReason" */ &(nid_objs[417]),/* "CSPName" */ @@ -1947,7 +1955,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[46]),/* "IDEA-OFB" */ &(nid_objs[181]),/* "ISO" */ &(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[393]),/* "JOINT-ISO-CCITT" */ +&(nid_objs[721]),/* "ITU-T" */ +&(nid_objs[722]),/* "JOINT-ISO-ITU-T" */ &(nid_objs[15]),/* "L" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ @@ -1955,6 +1964,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[114]),/* "MD5-SHA1" */ &(nid_objs[95]),/* "MDC2" */ &(nid_objs[388]),/* "Mail" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[366]),/* "Nonce" */ &(nid_objs[17]),/* "O" */ @@ -1962,6 +1973,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[180]),/* "OCSPSigning" */ &(nid_objs[379]),/* "ORG" */ &(nid_objs[18]),/* "OU" */ +&(nid_objs[724]),/* "Oakley-EC2N-3" */ +&(nid_objs[725]),/* "Oakley-EC2N-4" */ &(nid_objs[ 9]),/* "PBE-MD2-DES" */ &(nid_objs[168]),/* "PBE-MD2-RC2-64" */ &(nid_objs[10]),/* "PBE-MD5-DES" */ @@ -2291,6 +2304,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[723]),/* "international-organizations" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -2634,6 +2648,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[296]),/* "IPSec User" */ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ +&(nid_objs[723]),/* "International Organizations" */ &(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[569]),/* "MIME MHS" */ &(nid_objs[388]),/* "Mail" */ @@ -2647,6 +2662,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[716]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ &(nid_objs[717]),/* "Microsoft Universal Principal Name" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ @@ -2765,7 +2782,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[110]),/* "cast5-cfb" */ &(nid_objs[109]),/* "cast5-ecb" */ &(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[528]),/* "certicom-arc" */ &(nid_objs[581]),/* "certificate extensions" */ @@ -3013,10 +3029,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[724]),/* "ipsec3" */ +&(nid_objs[725]),/* "ipsec4" */ &(nid_objs[181]),/* "iso" */ &(nid_objs[687]),/* "issuer capabilities" */ +&(nid_objs[721]),/* "itu-t" */ &(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[393]),/* "joint-iso-ccitt" */ +&(nid_objs[722]),/* "joint-iso-itu-t" */ &(nid_objs[150]),/* "keyBag" */ &(nid_objs[477]),/* "lastModifiedBy" */ &(nid_objs[476]),/* "lastModifiedTime" */ @@ -3329,14 +3348,17 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[404]),/* OBJ_ccitt 0 */ +&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ +&(nid_objs[721]),/* OBJ_itu_t 0 */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[379]),/* OBJ_org 1 3 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ +&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ +&(nid_objs[722]),/* OBJ_joint_iso_itu_t 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ +&(nid_objs[723]),/* OBJ_international_organizations 2 23 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl index 5dfb84ea00..d0371661f9 100644 --- a/crypto/objects/obj_dat.pl +++ b/crypto/objects/obj_dat.pl @@ -1,5 +1,9 @@ #!/usr/local/bin/perl +# fixes bug in floating point emulation on sparc64 when +# this script produces off-by-one output on sparc64 +use integer; + sub obj_cmp { local(@a,@b,$_,$r); diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 9417e8c7c9..ba871f478d 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -67,20 +67,26 @@ #define NID_undef 0 #define OBJ_undef 0L -#define SN_ccitt "CCITT" -#define LN_ccitt "ccitt" +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 721 +#define OBJ_itu_t 0L + #define NID_ccitt 404 -#define OBJ_ccitt 0L +#define OBJ_ccitt OBJ_itu_t #define SN_iso "ISO" #define LN_iso "iso" #define NID_iso 181 #define OBJ_iso 1L -#define SN_joint_iso_ccitt "JOINT-ISO-CCITT" -#define LN_joint_iso_ccitt "joint-iso-ccitt" +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 722 +#define OBJ_joint_iso_itu_t 2L + #define NID_joint_iso_ccitt 393 -#define OBJ_joint_iso_ccitt 2L +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t #define SN_member_body "member-body" #define LN_member_body "ISO Member Body" @@ -95,9 +101,14 @@ #define NID_certicom_arc 528 #define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 723 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + #define SN_wap "wap" #define NID_wap 562 -#define OBJ_wap OBJ_joint_iso_ccitt,23L,43L +#define OBJ_wap OBJ_international_organizations,43L #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 563 @@ -106,7 +117,7 @@ #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 -#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L #define SN_clearance "clearance" #define NID_clearance 395 @@ -2332,7 +2343,7 @@ #define SN_data "data" #define NID_data 434 -#define OBJ_data OBJ_ccitt,9L +#define OBJ_data OBJ_itu_t,9L #define SN_pss "pss" #define NID_pss 435 @@ -2621,7 +2632,7 @@ #define SN_id_set "id-set" #define LN_id_set "Secure Electronic Transactions" #define NID_id_set 576 -#define OBJ_id_set 2L,23L,42L +#define OBJ_id_set OBJ_international_organizations,42L #define SN_set_ctype "set-ctype" #define LN_set_ctype "content types" @@ -3165,3 +3176,11 @@ #define NID_rsaOAEPEncryptionSET 708 #define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 724 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 725 + diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e84922d458..b4ff8f0267 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -718,3 +718,8 @@ ms_upn 717 any_policy 718 policy_mappings 719 name_constraints 720 +itu_t 721 +joint_iso_itu_t 722 +international_organizations 723 +ipsec3 724 +ipsec4 725 diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index de10532813..8b509516fc 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -966,7 +966,10 @@ #define OBJ_NAME_TYPE_COMP_METH 0x04 #define OBJ_NAME_TYPE_NUM 0x05 -#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 #ifdef __cplusplus @@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); const char * OBJ_bsearch(const char *key,const char *base,int num,int size, int (*cmp)(const void *, const void *)); +const char * OBJ_bsearch_ex(const char *key,const char *base,int num, + int size, int (*cmp)(const void *, const void *), int flags); int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index feeed99b57..0160b3e5f5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1,8 +1,11 @@ -0 : CCITT : ccitt +# CCITT was renamed to ITU-T quite some time ago +0 : ITU-T : itu-t +!Alias ccitt itu-t 1 : ISO : iso -2 : JOINT-ISO-CCITT : joint-iso-ccitt +2 : JOINT-ISO-ITU-T : joint-iso-itu-t +!Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body @@ -10,10 +13,12 @@ iso 3 : identified-organization identified-organization 132 : certicom-arc -joint-iso-ccitt 23 43 : wap +joint-iso-itu-t 23 : international-organizations : International Organizations + +international-organizations 43 : wap wap 13 : wap-wsg -joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types +joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance @@ -781,9 +786,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject -# OID's from CCITT. Most of this is defined in RFC 1274. A couple of +# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 -ccitt 9 : data +itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot @@ -857,7 +862,7 @@ pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher -2 23 42 : id-set : Secure Electronic Transactions +international-organizations 42 : id-set : Secure Electronic Transactions id-set 0 : set-ctype : content types id-set 1 : set-msgExt : message extensions @@ -1003,3 +1008,6 @@ set-brand 6011 : set-brand-Novus rsadsi 3 10 : DES-CDMF : des-cdmf rsadsi 1 1 6 : rsaOAEPEncryptionSET + + : Oakley-EC2N-3 : ipsec3 + : Oakley-EC2N-4 : ipsec4 diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl index 8f26819532..8d29f17288 100644 --- a/crypto/ocsp/Makefile.ssl +++ b/crypto/ocsp/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile ; + @sh $(TOP)/util/point.sh Makefile.ssl Makefile ; @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index b50e9ae256..46200a80b1 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -97,6 +97,7 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl index 56f829a216..5437a9e4ac 100644 --- a/crypto/pem/Makefile.ssl +++ b/crypto/pem/Makefile.ssl @@ -50,7 +50,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: $(EXHEADER) - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 900af737ed..e921cc4c12 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type) else str="BAD-TYPE"; - strcat(buf,"Proc-Type: 4,"); - strcat(buf,str); - strcat(buf,"\n"); + BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); + BUF_strlcat(buf,str,PEM_BUFSIZE); + BUF_strlcat(buf,"\n",PEM_BUFSIZE); } void PEM_dek_info(char *buf, const char *type, int len, char *str) @@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) long i; int j; - strcat(buf,"DEK-Info: "); - strcat(buf,type); - strcat(buf,","); + BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); + BUF_strlcat(buf,type,PEM_BUFSIZE); + BUF_strlcat(buf,",",PEM_BUFSIZE); j=strlen(buf); + if (j + (len * 2) + 1 > PEM_BUFSIZE) + return; for (i=0; i<len; i++) { buf[j+i*2] =map[(str[i]>>4)&0x0f]; @@ -336,7 +338,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - OPENSSL_assert(enc->iv_len <= sizeof iv); + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index 1cb96e914a..f9c7c37aca 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -18,7 +18,7 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $elf=$cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$sol=$aout=$win32=$gaswin=$netware=0; if ( ($type eq "elf")) { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) @@ -33,6 +33,10 @@ sub main'asm_init { $win32=1; require "x86ms.pl"; } elsif ( ($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } + elsif ( ($type eq "nw-nasm")) + { $netware=1; require "x86nasm_nw.pl"; } + elsif ( ($type eq "nw-mwasm")) + { $netware=1; require "x86mwasm_nw.pl"; } else { print STDERR <<"EOF"; @@ -43,6 +47,8 @@ Pick one target type from cpp - format so x86unix.cpp can be used win32 - Windows 95/Windows NT win32n - Windows 95/Windows NT NASM format + nw-nasm - NetWare NASM format + nw-mwasm- NetWare Metrowerks Assembler EOF exit(1); } diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index 35f1a4ddb9..fbb4afb9bd 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jnz { &out1("jnz",@_); } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index f30b7466d4..30346af4ea 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); } sub main'jz { &out1("jz NEAR",@_); } sub main'jge { &out1("jge NEAR",@_); } sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } sub main'jc { &out1("jc NEAR",@_); } sub main'jnc { &out1("jnc NEAR",@_); } sub main'jnz { &out1("jnz NEAR",@_); } diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl index 72bde061c5..10b669bf04 100644 --- a/crypto/perlasm/x86unix.pl +++ b/crypto/perlasm/x86unix.pl @@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jno { &out1("jno",@_); } diff --git a/crypto/pkcs12/Makefile.ssl b/crypto/pkcs12/Makefile.ssl index 57c2b430c9..80555e11a1 100644 --- a/crypto/pkcs12/Makefile.ssl +++ b/crypto/pkcs12/Makefile.ssl @@ -53,7 +53,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index 6a7f3b99f5..f4ec4e4c86 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -68,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 123671b43e..0b262fa065 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -91,26 +91,64 @@ static int PKCS7_type_is_other(PKCS7* p7) } -static int PKCS7_type_is_octet_string(PKCS7* p7) +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) { - if ( 0==PKCS7_type_is_other(p7) ) - return 0; + if ( PKCS7_type_is_data(p7)) + return p7->d.data; + if ( PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; + } + +static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + { + BIO *btmp; + const EVP_MD *md; + if ((btmp=BIO_new(BIO_f_md())) == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + + md=EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,md); + if (*pbio == NULL) + *pbio=btmp; + else if (!BIO_push(*pbio,btmp)) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + btmp=NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; - return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; } BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { - int i,j; + int i; BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; + X509_ALGOR *xa = NULL; const EVP_CIPHER *evp_cipher=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; EVP_PKEY *pkey; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -119,6 +157,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { case NID_pkcs7_signed: md_sk=p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; @@ -143,38 +182,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - if (md_sk != NULL) - { - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - xa=sk_X509_ALGOR_value(md_sk,i); - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); - goto err; - } - - j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } + for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) + if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) + goto err; - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; if (evp_cipher != NULL) { @@ -250,30 +272,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) btmp=NULL; } - if (bio == NULL) { + if (bio == NULL) + { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else { - if (PKCS7_type_is_signed(p7) ) { - if ( PKCS7_type_is_data(p7->d.sign->contents)) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.other->value.octet_string; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - } - if(bio == NULL) { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) + { + bio=BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio,0); } } - } BIO_push(out,bio); bio=NULL; if (0) @@ -311,7 +321,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: - data_body=p7->d.sign->contents->d.data; + data_body=PKCS7_get_octet_string(p7->d.sign->contents); md_sk=p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: @@ -319,7 +329,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) md_sk=p7->d.signed_and_enveloped->md_algs; data_body=p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -331,7 +341,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) rsk=p7->d.enveloped->recipientinfo; enc_alg=p7->d.enveloped->enc_data->algorithm; data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); + evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); @@ -357,7 +367,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); + evp_md=EVP_get_digestbynid(j); if (evp_md == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); @@ -499,6 +509,29 @@ err: return(out); } +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + { + for (;;) + { + bio=BIO_find_type(bio,BIO_TYPE_MD); + if (bio == NULL) + { + PKCS7err(PKCS7_F_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio,pmd); + if (*pmd == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio=BIO_next(bio); + } + return NULL; + } + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; @@ -531,13 +564,24 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; - os=p7->d.sign->contents->d.data; + os=PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ - if(p7->detached) { + if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); p7->d.sign->contents->d.data = NULL; } break; + + case NID_pkcs7_digest: + os=PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) + { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + } if (si_sk != NULL) @@ -555,26 +599,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) j=OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); @@ -647,6 +677,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } } } + else if (i == NID_pkcs7_digest) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + EVP_DigestFinal_ex(mdc,md_data,&md_len); + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } if (!PKCS7_is_detached(p7)) { @@ -771,6 +811,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; + /* Workaround for some broken clients that put the signature + * OID instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; btmp=BIO_next(btmp); } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 9b647b2121..70ee44be8f 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -197,6 +201,11 @@ int PKCS7_set_type(PKCS7 *p7, int type) break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + ASN1_INTEGER_set(p7->d.digest->version,0); + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -206,6 +215,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; @@ -398,6 +414,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 431aff94f0..1823418465 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -102,7 +102,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a, static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int iscrlf(char c); +static int strip_eol(char *linebuf, int *plen); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); static void mime_hdr_free(MIME_HEADER *hdr); @@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; + char *mime_prefix, *mime_eol; + if (flags & PKCS7_NOOLDMIMETYPE) + mime_prefix = "application/pkcs7-"; + else + mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ @@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); - BIO_printf(bio, "This is an S/MIME signed message\n\n"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); /* Now write out the first part */ - BIO_printf(bio, "------%s\r\n", bound); - + BIO_printf(bio, "------%s%s", bound, mime_eol); pkcs7_output_data(bio, data, p7, flags); - - BIO_printf(bio, "\n------%s\n", bound); + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ - BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio,"\n------%s--\n\n", bound); + BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); return 1; } /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio, "\n"); + BIO_printf(bio, "%s", mime_eol); return 1; } @@ -358,12 +375,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = 0; - while(iscrlf(linebuf[len - 1])) { - len--; - eol = 1; - } - BIO_write(out, linebuf, len); + eol = strip_eol(linebuf, &len); + if (len) + BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); } return 1; @@ -406,6 +420,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; + int eol = 0, next_eol = 0; BIO *bpart = NULL; STACK_OF(BIO) *parts; char state, part, first; @@ -425,26 +440,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) sk_BIO_push(parts, bpart); return 1; } else if(part) { + /* Strip CR+LF from linebuf */ + next_eol = strip_eol(linebuf, &len); if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); - - } else BIO_write(bpart, "\r\n", 2); - /* Strip CR+LF from linebuf */ - while(iscrlf(linebuf[len - 1])) len--; - BIO_write(bpart, linebuf, len); + BIO_set_mem_eof_return(bpart, 0); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); } } return 0; } -static int iscrlf(char c) -{ - if(c == '\r' || c == '\n') return 1; - return 0; -} - /* This is the big one: parse MIME header lines up to message body */ #define MIME_INVALID 0 @@ -725,3 +737,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen) } return 0; } + +static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; + int is_eol = 0; + p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) + { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; + } diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index e6f6572666..788cd5d6c0 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ @@ -260,7 +262,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_STREAM 0x400 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 /* Flags: for compatibility with older code */ @@ -306,6 +310,7 @@ DECLARE_ASN1_NDEF_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); @@ -326,6 +331,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); @@ -376,11 +382,13 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ #define PKCS7_F_B64_READ_PKCS7 120 #define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_FIND_DIGEST 127 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 #define PKCS7_F_PKCS7_DATAINIT 105 @@ -391,6 +399,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_GET0_SIGNERS 124 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 5e51527a40..0d481e0b79 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,11 +68,13 @@ static ERR_STRING_DATA PKCS7_str_functs[]= { {ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, {ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, +{ERR_PACK(0,PKCS7_F_FIND_DIGEST,0), "FIND_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, +{ERR_PACK(0,PKCS7_F_PKCS7_BIO_ADD_DIGEST,0), "PKCS7_BIO_ADD_DIGEST"}, {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, @@ -83,6 +85,7 @@ static ERR_STRING_DATA PKCS7_str_functs[]= {ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SET_DIGEST,0), "PKCS7_set_digest"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 0c5bde3811..03d7896328 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -24,9 +24,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c + rand_win.c rand_unix.c rand_os2.c rand_nw.c LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o + rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -49,7 +49,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -108,12 +108,27 @@ rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rand_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +rand_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rand_lib.c +rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h +rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rand_nw.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rand_nw.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rand_nw.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index eeffc0df4c..66b229c9b9 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -300,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) + for (k = 0; k < (int)sizeof(md); k++) { md[k] ^= local_md[k]; } diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 1f168221e3..3eb36c7e5a 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -56,6 +56,7 @@ #include <openssl/e_os2.h> #include <openssl/rand.h> +#include <openssl/buffer.h> /* * Query the EGD <URL: http://www.lothar.com/tech/crypto/>. @@ -94,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); @@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - strcpy(addr.sun_path,path); + BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) return (-1); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index a776e52243..ef80201212 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -108,6 +108,7 @@ * Hudson (tjh@cryptsoft.com). * */ +#include <stdio.h> #define USE_SOCKETS #include "e_os.h" @@ -115,7 +116,7 @@ #include <openssl/rand.h> #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) #include <sys/types.h> #include <sys/time.h> @@ -124,6 +125,24 @@ #include <unistd.h> #include <time.h> +#ifdef __OpenBSD__ +int RAND_poll(void) +{ + u_int32_t rnd = 0, i; + unsigned char buf[ENTROPY_NEEDED]; + + for (i = 0; i < sizeof(buf); i++) { + if (i % 4 == 0) + rnd = arc4random(); + buf[i] = rnd; + rnd >>= 8; + } + RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); + memset(buf, 0, sizeof(buf)); + + return 1; +} +#else int RAND_poll(void) { unsigned long l; @@ -236,6 +255,7 @@ int RAND_poll(void) } #endif +#endif #if defined(OPENSSL_SYS_VXWORKS) int RAND_poll(void) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 113b58678f..3584842224 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); @@ -431,7 +432,7 @@ int RAND_poll(void) * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) @@ -440,6 +441,7 @@ int RAND_poll(void) if (kernel) { CREATETOOLHELP32SNAPSHOT snap; + CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; HEAP32FIRST heap_first; @@ -457,6 +459,8 @@ int RAND_poll(void) snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot")); heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); @@ -472,7 +476,7 @@ int RAND_poll(void) heaplist_next && process_first && process_next && thread_first && thread_next && module_first && module_next && (handle = snap(TH32CS_SNAPALL,0)) - != NULL) + != INVALID_HANDLE_VALUE) { /* heap list and heap walking */ /* HEAPLIST32 contains 3 fields that will change with @@ -534,8 +538,10 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - - CloseHandle(handle); + if (close_snap) + close_snap(handle); + else + CloseHandle(handle); } FreeLibrary(kernel); @@ -640,7 +646,7 @@ static void readtimer(void) * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. * * Code adapted from - * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>; + * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>; * the original copyright message is: * * (C) Copyright Microsoft Corp. 1993. All rights reserved. diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 41574768ab..f1f250c5bf 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +/* We need to define this to get macros like S_IFBLK and S_IFCHR */ +#define _XOPEN_SOURCE 1 + #include <errno.h> #include <stdio.h> #include <stdlib.h> @@ -64,6 +67,7 @@ #include "e_os.h" #include <openssl/crypto.h> #include <openssl/rand.h> +#include <openssl/buffer.h> #ifdef OPENSSL_SYS_VMS #include <unixio.h> @@ -106,6 +110,14 @@ int RAND_load_file(const char *file, long bytes) in=fopen(file,"rb"); if (in == NULL) goto err; + if (sb.st_mode & (S_IFBLK | S_IFCHR)) { + /* this file is a device. we don't want read an infinite number + * of bytes from a random device, nor do we want to use buffered + * I/O because we will waste system entropy. + */ + bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ + setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ + } for (;;) { if (bytes > 0) @@ -135,7 +147,20 @@ int RAND_write_file(const char *file) int i,ret=0,rand_err=0; FILE *out = NULL; int n; + struct stat sb; + i=stat(file,&sb); + if (i != -1) { + if (sb.st_mode & (S_IFBLK | S_IFCHR)) { + /* this file is a device. we don't write back to it. + * we "succeed" on the assumption this is some sort + * of random device. Otherwise attempting to write to + * and chmod the device causes problems. + */ + return(1); + } + } + #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) /* For some reason Win32 can't write to files created this way */ @@ -197,16 +222,17 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - char *ret=NULL; + int ok = 0; +#ifdef __OpenBSD__ + struct stat sb; +#endif if (OPENSSL_issetugid() == 0) s=getenv("RANDFILE"); - if (s != NULL) + if (s != NULL && *s && strlen(s) + 1 < size) { - if(strlen(s) >= size) + if (BUF_strlcpy(buf,s,size) >= size) return NULL; - strcpy(buf,s); - ret=buf; } else { @@ -218,17 +244,36 @@ const char *RAND_file_name(char *buf, size_t size) s = DEFAULT_HOME; } #endif - if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size)) + if (s && *s && strlen(s)+strlen(RFILE)+2 < size) { - strcpy(buf,s); + BUF_strlcpy(buf,s,size); #ifndef OPENSSL_SYS_VMS - strcat(buf,"/"); + BUF_strlcat(buf,"/",size); #endif - strcat(buf,RFILE); - ret=buf; + BUF_strlcat(buf,RFILE,size); + ok = 1; } else buf[0] = '\0'; /* no file name */ } - return(ret); + +#ifdef __OpenBSD__ + /* given that all random loads just fail if the file can't be + * seen on a stat, we stat the file we're returning, if it + * fails, use /dev/arandom instead. this allows the user to + * use their own source for good random data, but defaults + * to something hopefully decent if that isn't available. + */ + + if (!ok) + if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { + return(NULL); + } + if (stat(buf,&sb) == -1) + if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { + return(NULL); + } + +#endif + return(buf); } diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index 701932e6ee..ef057c2c31 100644 --- a/crypto/rand/randtest.c +++ b/crypto/rand/randtest.c @@ -211,6 +211,9 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc2/Makefile.ssl b/crypto/rc2/Makefile.ssl index aa73dea5b6..98d5960d5d 100644 --- a/crypto/rc2/Makefile.ssl +++ b/crypto/rc2/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c index 47d34b444e..b16e6e2ed1 100644 --- a/crypto/rc2/rc2speed.c +++ b/crypto/rc2/rc2speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index b67bafb49f..0e117436bb 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -205,6 +205,9 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(err); } diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl index b210b42f8f..3e602662be 100644 --- a/crypto/rc4/Makefile.ssl +++ b/crypto/rc4/Makefile.ssl @@ -25,6 +25,7 @@ RC4_ENC=rc4_enc.o #RC4_ENC=asm/rx86bdsi.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rc4test.c @@ -70,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c index ced98c52df..0ebd38123d 100644 --- a/crypto/rc4/rc4speed.c +++ b/crypto/rc4/rc4speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index b9d8f20975..18154025eb 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -197,6 +197,9 @@ int main(int argc, char *argv[]) } } printf("done\n"); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index fcdeb1e81e..70d01f3761 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -22,6 +22,7 @@ RC5_ENC= rc5_enc.o #DES_ENC= r586-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rc5test.c @@ -67,7 +68,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rc5/rc5speed.c b/crypto/rc5/rc5speed.c index 7d490d5b77..8e363be535 100644 --- a/crypto/rc5/rc5speed.c +++ b/crypto/rc5/rc5speed.c @@ -69,7 +69,10 @@ #include OPENSSL_UNISTD_IO OPENSSL_DECLARE_EXIT +#ifndef OPENSSL_SYS_NETWARE #include <signal.h> +#endif + #ifndef _IRIX #include <time.h> #endif diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 3583dfdcaf..f22ac790ae 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r RIP_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=rmdtest.c @@ -65,7 +66,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 31fe777b2c..e8567f3cd6 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -51,7 +51,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -113,16 +113,12 @@ rsa_depr.o: ../cryptlib.h rsa_depr.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -rsa_eay.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_eay.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rsa_eay.o: ../cryptlib.h rsa_eay.c +rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -147,11 +143,15 @@ rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -213,15 +213,13 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_sign.o: ../cryptlib.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 604fc26442..12689fc22d 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -162,11 +162,6 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -179,7 +174,11 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 -#define RSA_FLAG_NO_BLINDING 0x80 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 3773d037c6..2d87cd39f3 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -62,6 +62,9 @@ #include <openssl/bn.h> #include <openssl/rsa.h> +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { @@ -78,4 +81,4 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, RSA_free(rsa); return 0; } - +#endif diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index aff86343cc..ee2a70bb48 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -504,6 +504,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&f); BN_clear_free(&ret); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 3714b248c4..024e11b8e7 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -85,7 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0,i; + int bitsp,bitsq,ok= -1,n=0; + unsigned int i; BN_CTX *ctx=NULL,*ctx2=NULL; ctx=BN_CTX_new(); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 53c5092014..e4d622851e 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa) int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { - BIGNUM *A,*Ai; + BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; @@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) else ctx=p_ctx; + /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) + { BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons @@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; - BN_free(Ai); ret=1; err: + if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 924e9ad1f6..236842a634 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -312,6 +312,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif return err; } #endif diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 864645c8b5..4ba201c787 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -20,6 +20,7 @@ AR= ar r SHA1_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=shatest.c sha1test.c @@ -65,7 +66,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index fe51fd0794..e00f709553 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,30 @@ #!/usr/local/bin/perl +# It was noted that Intel IA-32 C compiler generates code which +# performs ~30% *faster* on P4 CPU than original *hand-coded* +# SHA1 assembler implementation. To address this problem (and +# prove that humans are still better than machines:-), the +# original code was overhauled, which resulted in following +# performance changes: +# +# compared with original compared with Intel cc +# assembler impl. generated code +# Pentium -25% +37% +# PIII/AMD +8% +16% +# P4 +85%(!) +45% +# +# As you can see Pentium came out as looser:-( Yet I reckoned that +# improvement on P4 outweights the loss and incorporate this +# re-tuned code to 0.9.7 and later. +# ---------------------------------------------------------------- +# Those who for any particular reason absolutely must score on +# Pentium can replace this module with one from 0.9.6 distribution. +# This "offer" shall be revoked the moment programming interface to +# this module is changed, in which case this paragraph should be +# removed. +# ---------------------------------------------------------------- +# <appro@fy.chalmers.se> + $normal=0; push(@INC,"perlasm","../../perlasm"); @@ -77,54 +102,21 @@ sub BODY_00_15 { local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; -return if $n & 1; &comment("00_15 $n"); - &mov($f,$c); - - &mov($tmp1,$a); - &xor($f,$d); # F2 - - &rotl($tmp1,5); # A2 - - &and($f,$b); # F3 - &add($tmp1,$e); - - &rotr($b,1); # B1 <- F - &mov($e,&swtmp($n)); # G1 - - &rotr($b,1); # B1 <- F - &xor($f,$d); # F4 - - &lea($tmp1,&DWP($K,$tmp1,$e,1)); - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - &mov($f,$c); - - &add($a,$tmp1); # MOVED DOWN - &xor($f,$d); # F2 - &mov($tmp1,$a); - &and($f,$b); # F3 - - &rotl($tmp1,5); # A2 - - &add($tmp1,$e); - &mov($e,&swtmp($n)); # G1 - - &rotr($b,1); # B1 <- F - &xor($f,$d); # F4 - - &rotr($b,1); # B1 <- F - &lea($tmp1,&DWP($K,$tmp1,$e,1)); - - &add($f,$tmp1); + &mov($f,$c); # f to hold F_00_19(b,c,d) + &rotl($tmp1,5); # tmp1=ROTATE(a,5) + &xor($f,$d); + &and($f,$b); + &rotr($b,2); # b=ROTATE(b,30) + &add($tmp1,$e); # tmp1+=e; + &mov($e,&swtmp($n)); # e becomes volatile and + # is loaded with xi + &xor($f,$d); # f holds F_00_19(b,c,d) + &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi + + &add($f,$tmp1); # f+=tmp1 } sub BODY_16_19 @@ -132,66 +124,24 @@ sub BODY_16_19 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; local($n0,$n1,$n2,$n3,$np)=&Na($n); -return if $n & 1; &comment("16_19 $n"); - &nop() if ($pos < 0); -&mov($tmp1,&swtmp($n0)); # X1 - &mov($f,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$c); # F1 -&rotl($f,1); # X8 - slot - &xor($tmp1,$d); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &and($tmp1,$b); # F3 -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &xor($tmp1,$d); # F4 -&mov($e,$a); # A1 - &add($f,$tmp1); # tot+=F(); - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($f,$e); # tot+=a - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN - &xor($f,$tmp1); # X7 - slot -&rotl($f,1); # X8 - slot - &mov($tmp1,$c); # F1 -&xor($tmp1,$d); # F2 - &mov(&swtmp($n0),$f); # X9 - anytime -&and($tmp1,$b); # F3 - &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - -&xor($tmp1,$d); # F4 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($f,$e); # tot+=a - -&rotr($b,1); # B1 <- F - &add($f,$tmp1); # tot+=F(); - + &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) + &xor($f,&swtmp($n0)); + &xor($tmp1,$d); + &xor($f,&swtmp($n2)); + &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) + &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd + &rotr($b,2); # b=ROTATE(b,30) + &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) + &rotl($f,1); # f=ROATE(f,1) + &mov(&swtmp($n0),$f); # xi=f + &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e + &mov($e,$a); # e becomes volatile + &add($f,$tmp1); # f+=F_00_19(b,c,d) + &rotl($e,5); # e=ROTATE(a,5) + &add($f,$e); # f+=ROTATE(a,5) } sub BODY_20_39 @@ -201,42 +151,21 @@ sub BODY_20_39 &comment("20_39 $n"); local($n0,$n1,$n2,$n3,$np)=&Na($n); -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$b); # F1 -&rotl($f,1); # X8 - slot - &xor($tmp1,$c); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &xor($tmp1,$d); # F3 - -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -if ($n != 79) # last loop - { - &rotr($b,1); # B1 <- F - &add($e,$tmp1); # tmp1=F()+a - - &rotr($b,1); # B2 <- F - &add($f,$e); # tot+=tmp1; - } -else - { - &add($e,$tmp1); # tmp1=F()+a - &mov($tmp1,&wparam(0)); - - &rotr($b,1); # B1 <- F - &add($f,$e); # tot+=tmp1; - - &rotr($b,1); # B2 <- F - } + &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) + &xor($f,&swtmp($n1)); + &rotr($b,2); # b=ROTATE(b,30) + &xor($f,&swtmp($n2)); + &xor($tmp1,$c); + &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd + &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) + &rotl($f,1); # f=ROTATE(f,1) + &mov(&swtmp($n0),$f); # xi=f + &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e + &mov($e,$a); # e becomes volatile + &rotl($e,5); # e=ROTATE(a,5) + &add($f,$tmp1); # f+=F_20_39(b,c,d) + &add($f,$e); # f+=ROTATE(a,5) } sub BODY_40_59 @@ -244,70 +173,27 @@ sub BODY_40_59 local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; &comment("40_59 $n"); - return if $n & 1; local($n0,$n1,$n2,$n3,$np)=&Na($n); -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$b); # F1 -&rotl($f,1); # X8 - slot - &or($tmp1,$c); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &and($tmp1,$d); # F3 - -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$b); # F4 - -&rotr($b,1); # B1 <- F - &and($e,$c); # F5 - -&or($tmp1,$e); # F6 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&add($tmp1,$e); # tmp1=F()+a - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - &mov($f,&swtmp($n0)); # X1 -&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&rotr($c,1); # B2 <- F # moved was rotr b,1 - &xor($f,$tmp1); # X7 - slot -&rotl($f,1); # X8 - slot - &mov($tmp1,$b); # F1 -&mov(&swtmp($n0),$f); # X9 - anytime - &or($tmp1,$c); # F2 -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$b); # F4 -&and($tmp1,$d); # F3 - &and($e,$c); # F5 - -&or($tmp1,$e); # F6 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($tmp1,$e); # tmp1=F()+a - -&rotr($b,1); # B2 <- F - &add($f,$tmp1); # tot+=tmp1; + &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) + &xor($f,&swtmp($n1)); + &or($tmp1,$c); + &xor($f,&swtmp($n2)); + &and($tmp1,$d); + &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &mov(&swtmp($n0),$f); # xi=f + &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e + &mov($e,$b); # e becomes volatile and is used + # to calculate F_40_59(b,c,d) + &rotr($b,2); # b=ROTATE(b,30) + &and($e,$c); + &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) + &mov($e,$a); + &rotl($e,5); # e=ROTATE(a,5) + &add($tmp1,$e); # tmp1+=ROTATE(a,5) + &add($f,$tmp1); # f+=tmp1; } sub BODY_60_79 @@ -495,8 +381,7 @@ sub sha1_block_data # C -> E # D -> T - # The last 2 have been moved into the last loop - # &mov($tmp1,&wparam(0)); + &mov($tmp1,&wparam(0)); &mov($D, &DWP(12,$tmp1,"",0)); &add($D,$B); diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 4f2e4ada2d..cddd598f22 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index 5d2b1d3b1a..0e026c1245 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -157,7 +157,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - EVP_MD_CTX_cleanup(&c); + +#ifdef OPENSSL_SYS_NETWARE + if (err) printf("ERROR: %d\n", err); +#endif EXIT(err); return(0); } diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl index e4acfe6aba..af53511e0a 100644 --- a/crypto/stack/Makefile.ssl +++ b/crypto/stack/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) @@ -79,10 +79,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -stack.o: ../../e_os.h ../../include/openssl/bio.h -stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +stack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +stack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +stack.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +stack.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h stack.o: ../cryptlib.h stack.c diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ecb2b8ffed..3110e50a84 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -214,6 +214,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -234,6 +235,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -254,6 +256,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -274,6 +277,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -294,6 +298,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) @@ -314,6 +319,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -334,6 +340,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -354,6 +361,7 @@ STACK_OF(type) \ #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -374,6 +382,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -394,6 +403,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -414,6 +424,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -434,6 +445,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) @@ -454,6 +466,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -474,6 +487,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -494,6 +508,7 @@ STACK_OF(type) \ #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) @@ -514,6 +529,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) @@ -534,6 +550,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -554,6 +571,7 @@ STACK_OF(type) \ #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) @@ -574,6 +592,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) @@ -594,6 +613,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) @@ -614,6 +634,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) @@ -634,6 +655,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) @@ -654,6 +676,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) @@ -674,6 +697,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) @@ -694,6 +718,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) @@ -714,6 +739,7 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) @@ -734,6 +760,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -754,6 +781,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -774,6 +802,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -794,6 +823,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -814,6 +844,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -834,6 +865,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -854,6 +886,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -874,6 +907,7 @@ STACK_OF(type) \ #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -894,6 +928,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -914,6 +949,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -934,6 +970,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -954,6 +991,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -974,6 +1012,7 @@ STACK_OF(type) \ #define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) #define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) #define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) @@ -994,6 +1033,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -1014,6 +1054,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -1024,6 +1065,27 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) @@ -1034,6 +1096,7 @@ STACK_OF(type) \ #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) @@ -1054,6 +1117,7 @@ STACK_OF(type) \ #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1074,6 +1138,7 @@ STACK_OF(type) \ #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1094,6 +1159,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1114,6 +1180,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1134,6 +1201,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1154,6 +1222,7 @@ STACK_OF(type) \ #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1174,6 +1243,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1194,6 +1264,7 @@ STACK_OF(type) \ #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1214,6 +1285,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1234,6 +1306,7 @@ STACK_OF(type) \ #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1254,6 +1327,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1274,6 +1348,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1294,6 +1369,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) @@ -1314,6 +1390,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1334,6 +1411,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 2496f28a8c..1d2b47ee67 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -68,6 +68,7 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/stack.h> +#include <openssl/objects.h> #undef MIN_NODES #define MIN_NODES 4 @@ -210,7 +211,7 @@ char *sk_delete(STACK *st, int loc) return(ret); } -int sk_find(STACK *st, char *data) +static int internal_find(STACK *st, char *data, int ret_val_options) { char **r; int i; @@ -233,19 +234,19 @@ int sk_find(STACK *st, char *data) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *), comp_func); + r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, + st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - /* This needs a cast because the type being pointed to from - * the "&" expressions are (char *) rather than (const char *). - * For an explanation, read: - * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ - if ((*st->comp)((const char * const *)&(st->data[i-1]), - (const char * const *)&data) < 0) - break; - return(i); + return((int)(r-st->data)); + } + +int sk_find(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } +int sk_find_ex(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); } int sk_push(STACK *st, char *data) diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h index 8b436ca4b9..0058d50f12 100644 --- a/crypto/stack/stack.h +++ b/crypto/stack/stack.h @@ -89,6 +89,7 @@ int sk_insert(STACK *sk,char *data,int where); char *sk_delete(STACK *st,int loc); char *sk_delete_ptr(STACK *st, char *p); int sk_find(STACK *st,char *data); +int sk_find_ex(STACK *st,char *data); int sk_push(STACK *st,char *data); int sk_unshift(STACK *st,char *data); char *sk_shift(STACK *st); diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 54d598565d..f6f3df4b6a 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -77,6 +77,12 @@ #ifdef PTHREADS #include <pthread.h> #endif +#ifdef OPENSSL_SYS_NETWARE +#if !defined __int64 +# define __int64 long long +#endif +#include <nwmpk.h> +#endif #include <openssl/lhash.h> #include <openssl/crypto.h> #include <openssl/buffer.h> @@ -86,8 +92,18 @@ #include <openssl/err.h> #include <openssl/rand.h> +#ifdef OPENSSL_NO_FP_API +#define APPS_WIN16 +#include "../buffer/bss_file.c" +#endif + +#ifdef OPENSSL_SYS_NETWARE +#define TEST_SERVER_CERT "/openssl/apps/server.pem" +#define TEST_CLIENT_CERT "/openssl/apps/client.pem" +#else #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" +#endif #define MAX_THREAD_NUMBER 100 @@ -100,10 +116,18 @@ void irix_locking_callback(int mode,int type,char *file,int line); void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); +void netware_locking_callback(int mode,int type,char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); +unsigned long netware_thread_id(void ); + +#if defined(OPENSSL_SYS_NETWARE) +static MPKMutex *lock_cs; +static MPKSema ThreadSem; +static long *lock_count; +#endif BIO *bio_err=NULL; BIO *bio_stdout=NULL; @@ -243,7 +267,8 @@ bad: goto end; } - if (cipher == NULL) cipher=getenv("SSL_CIPHER"); + if (cipher == NULL && OPENSSL_issetugid() == 0) + cipher=getenv("SSL_CIPHER"); SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -383,6 +408,9 @@ int ndoit(SSL_CTX *ssl_ctx[2]) SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); } +# ifdef OPENSSL_SYS_NETWARE + MPKSemaphoreSignal(ThreadSem); +# endif return(0); } @@ -626,6 +654,9 @@ int doit(char *ctx[4]) } if ((done & S_DONE) && (done & C_DONE)) break; +# if defined(OPENSSL_SYS_NETWARE) + ThreadSwitchWithDelay(); +# endif } SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); @@ -1093,3 +1124,88 @@ unsigned long pthreads_thread_id(void) +#ifdef OPENSSL_SYS_NETWARE + +void thread_setup(void) +{ + int i; + + lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex)); + lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; i<CRYPTO_num_locks(); i++) + { + lock_count[i]=0; + lock_cs[i]=MPKMutexAlloc("OpenSSL mutex"); + } + + ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 ); + + CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); + CRYPTO_set_locking_callback((void (*)())netware_locking_callback); +} + +void thread_cleanup(void) +{ + int i; + + CRYPTO_set_locking_callback(NULL); + + fprintf(stdout,"thread_cleanup\n"); + + for (i=0; i<CRYPTO_num_locks(); i++) + { + MPKMutexFree(lock_cs[i]); + fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); + } + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); + + MPKSemaphoreFree(ThreadSem); + + fprintf(stdout,"done cleanup\n"); +} + +void netware_locking_callback(int mode, int type, char *file, int line) +{ + if (mode & CRYPTO_LOCK) + { + MPKMutexLock(lock_cs[type]); + lock_count[type]++; + } + else + MPKMutexUnlock(lock_cs[type]); +} + +void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) +{ + SSL_CTX *ssl_ctx[2]; + int i; + ssl_ctx[0]=s_ctx; + ssl_ctx[1]=c_ctx; + + for (i=0; i<thread_number; i++) + { + BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE, + (void*)ssl_ctx); + ThreadSwitchWithDelay(); + } + + printf("reaping\n"); + + /* loop until all threads have signaled the semaphore */ + for (i=0; i<thread_number; i++) + { + MPKSemaphoreWait(ThreadSem); + } + printf("netware threads done (%d,%d)\n", + s_ctx->references,c_ctx->references); +} + +unsigned long netware_thread_id(void) +{ + unsigned long ret; + + ret=(unsigned long)GetThreadID(); + return(ret); +} +#endif /* NETWARE */ diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c index 307523ebba..1c6e052ac9 100644 --- a/crypto/tmdiff.c +++ b/crypto/tmdiff.c @@ -72,7 +72,11 @@ # define TIMES #endif -#ifndef _IRIX +#ifdef OPENSSL_SYS_NETWARE +#undef TIMES +#endif + +#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE) # include <time.h> #endif #ifdef TIMES @@ -94,7 +98,7 @@ #include <sys/param.h> #endif -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) #include <sys/timeb.h> #endif @@ -106,7 +110,8 @@ #ifndef HZ # if defined(_SC_CLK_TCK) \ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ ((double)sysconf(_SC_CLK_TCK)) +/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */ +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -120,7 +125,7 @@ # endif #endif -typedef struct ms_tm +struct ms_tm { #ifdef TIMES struct tms ms_tms; @@ -128,6 +133,8 @@ typedef struct ms_tm # ifdef OPENSSL_SYS_WIN32 HANDLE thread_id; FILETIME ms_win32; +# elif defined (OPENSSL_SYS_NETWARE) + clock_t ms_clock; # else # ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; @@ -136,9 +143,9 @@ typedef struct ms_tm # endif # endif #endif - } MS_TM; + }; -char *ms_time_new(void) +MS_TM *ms_time_new(void) { MS_TM *ret; @@ -149,18 +156,17 @@ char *ms_time_new(void) #ifdef OPENSSL_SYS_WIN32 ret->thread_id=GetCurrentThread(); #endif - return((char *)ret); + return ret; } -void ms_time_free(char *a) +void ms_time_free(MS_TM *a) { if (a != NULL) OPENSSL_free(a); } -void ms_time_get(char *a) +void ms_time_get(MS_TM *tm) { - MS_TM *tm=(MS_TM *)a; #ifdef OPENSSL_SYS_WIN32 FILETIME tmpa,tmpb,tmpc; #endif @@ -170,6 +176,8 @@ void ms_time_get(char *a) #else # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); +# elif defined (OPENSSL_SYS_NETWARE) + tm->ms_clock = clock(); # else # ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); @@ -180,14 +188,13 @@ void ms_time_get(char *a) #endif } -double ms_time_diff(char *ap, char *bp) +double ms_time_diff(MS_TM *a, MS_TM *b) { - MS_TM *a=(MS_TM *)ap; - MS_TM *b=(MS_TM *)bp; double ret; #ifdef TIMES - ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + ret = HZ; + ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret; #else # ifdef OPENSSL_SYS_WIN32 { @@ -204,6 +211,8 @@ double ms_time_diff(char *ap, char *bp) lb+=b->ms_win32.dwLowDateTime; ret=((double)(lb-la))/1e7; } +# elif defined (OPENSSL_SYS_NETWARE) + ret= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); @@ -217,18 +226,20 @@ double ms_time_diff(char *ap, char *bp) return((ret < 0.0000001)?0.0000001:ret); } -int ms_time_cmp(char *ap, char *bp) +int ms_time_cmp(const MS_TM *a, const MS_TM *b) { - MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; double d; int ret; #ifdef TIMES - d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; + d = HZ; + d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d; #else # ifdef OPENSSL_SYS_WIN32 d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; +# elif defined (OPENSSL_SYS_NETWARE) + d= (double)(b->ms_clock - a->ms_clock); # else # ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); diff --git a/crypto/tmdiff.h b/crypto/tmdiff.h index 41a8a1e0e0..af5c41c649 100644 --- a/crypto/tmdiff.h +++ b/crypto/tmdiff.h @@ -59,6 +59,16 @@ /* Header for dynamic hash table routines * Author - Eric Young */ +/* ... erm yeah, "dynamic hash tables" you say? + * + * And what would dynamic hash tables have to do with any of this code *now*? + * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused + * file that I doubt compiles any more. speed.c is the only thing that could + * use this (and it has nothing to do with hash tables), yet it instead has its + * own duplication of all this stuff and looks, if anything, more complete. See + * the corresponding note in apps/speed.c. + * The Bemused - Geoff + */ #ifndef HEADER_TMDIFF_H #define HEADER_TMDIFF_H @@ -67,11 +77,13 @@ extern "C" { #endif -char *ms_time_new(void ); -void ms_time_free(char *a); -void ms_time_get(char *a); -double ms_time_diff(char *start,char *end); -int ms_time_cmp(char *ap,char *bp); +typedef struct ms_tm MS_TM; + +MS_TM *ms_time_new(void ); +void ms_time_free(MS_TM *a); +void ms_time_get(MS_TM *a); +double ms_time_diff(MS_TM *start, MS_TM *end); +int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); #ifdef __cplusplus } diff --git a/crypto/txt_db/Makefile.ssl b/crypto/txt_db/Makefile.ssl index 313f75313b..6221dfae4d 100644 --- a/crypto/txt_db/Makefile.ssl +++ b/crypto/txt_db/Makefile.ssl @@ -47,7 +47,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl index 90ae7d4a4a..ba46951d1c 100644 --- a/crypto/ui/Makefile.ssl +++ b/crypto/ui/Makefile.ssl @@ -51,7 +51,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 13e5f20dcb..dbc9711a2d 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, len += sizeof(prompt3) - 1; prompt = (char *)OPENSSL_malloc(len + 1); - strcpy(prompt, prompt1); - strcat(prompt, object_desc); + BUF_strlcpy(prompt, prompt1, len + 1); + BUF_strlcat(prompt, object_desc, len + 1); if (object_name) { - strcat(prompt, prompt2); - strcat(prompt, object_name); + BUF_strlcat(prompt, prompt2, len + 1); + BUF_strlcat(prompt, object_name, len + 1); } - strcat(prompt, prompt3); + BUF_strlcat(prompt, prompt3, len + 1); } return prompt; } @@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) return -1; } - strcpy(uis->result_buf, result); + BUF_strlcpy(uis->result_buf, result, + uis->_.string_data.result_maxsize + 1); break; case UIT_BOOLEAN: { diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 902ee4b767..cb028b2b6a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -117,6 +117,13 @@ #include <openssl/e_os2.h> +#define _POSIX_C_SOURCE 1 +#include <signal.h> +#include <stdio.h> +#undef _POSIX_C_SOURCE +#include <string.h> +#include <errno.h> + #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) # ifdef OPENSSL_UNISTD # include OPENSSL_UNISTD @@ -145,10 +152,6 @@ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" #include "cryptlib.h" -#include <signal.h> -#include <stdio.h> -#include <string.h> -#include <errno.h> #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ # include <starlet.h> @@ -199,6 +202,12 @@ #undef SGTTY #endif +#if defined(OPENSSL_SYS_NETWARE) +#undef TERMIOS +#undef TERMIO +#undef SGTTY +#endif + #ifdef TERMIOS # include <termios.h> # define TTY_STRUCT struct termios @@ -247,7 +256,7 @@ struct IOSB { typedef int sig_atomic_t; #endif -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE) /* * This one needs work. As a matter of fact the code is unoperational * and this is only a trick to get it compiled. @@ -467,7 +476,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) tty_in=stdin; tty_out=stderr; #else @@ -483,7 +492,7 @@ static int open_console(UI *ui) #endif #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) + if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY if (errno == ENOTTY) diff --git a/crypto/uid.c b/crypto/uid.c index 73205a4baa..b1fd52bada 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) int OPENSSL_issetugid(void) { diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl index 42261970fc..9491f8ee94 100644 --- a/crypto/x509/Makefile.ssl +++ b/crypto/x509/Makefile.ssl @@ -57,7 +57,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 448bd7e69c..6207340472 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, k=0; for (;;) { - sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h, - postfix,k); + char c = '/'; +#ifdef OPENSSL_SYS_VMS + c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; + if (c != ':' && c != '>' && c != ']') + { + /* If no separator is present, we assume the + directory specifier is a logical name, and + add a colon. We really should use better + VMS routines for merging things like this, + but this will do for now... + -- Richard Levitte */ + c = ':'; + } + else + { + c = '\0'; + } +#endif + if (c == '\0') + { + /* This is special. When c == '\0', no + directory separator should be added. */ + BIO_snprintf(b->data,b->max, + "%s%08lx.%s%d",ctx->dirs[i],h, + postfix,k); + } + else + { + BIO_snprintf(b->data,b->max, + "%s%c%08lx.%s%d",ctx->dirs[i],c,h, + postfix,k); + } k++; if (stat(b->data,&st) < 0) break; diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 049308ba80..9b26b24ef3 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -112,8 +112,9 @@ extern "C" { #endif #ifdef OPENSSL_SYS_WIN32 -/* Under Win32 this is defined in wincrypt.h */ +/* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME +#undef X509_CERT_PAIR #endif #define X509_FILETYPE_PEM 1 @@ -855,10 +856,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#ifndef OPENSSL_NO_RSA -RSA *RSAPublicKey_dup(RSA *rsa); -RSA *RSAPrivateKey_dup(RSA *rsa); -#endif #endif /* !SSLEAY_MACROS */ diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 17d69ac005..9c84a59d52 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = { {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} }; @@ -127,7 +128,7 @@ int X509_TRUST_get_count(void) X509_TRUST * X509_TRUST_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_TRUST_COUNT) return trstandard + idx; + if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } @@ -218,7 +219,7 @@ static void trtable_free(X509_TRUST *p) void X509_TRUST_cleanup(void) { - int i; + unsigned int i; for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 4f83db8ba2..5a945a70fb 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -148,7 +148,7 @@ const char *X509_verify_cert_error_string(long n) return("unhandled critical extension"); default: - sprintf(buf,"error number %ld",n); + BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); } } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 552d1e7251..2bb21b443e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx) if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) return 1; if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = 0; - else last = sk_X509_num(ctx->chain) - 1; + else + last = 0; for(i = 0; i <= last; i++) { ctx->error_depth = i; @@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx) ok=(*cb)(0,ctx); if (!ok) goto end; } - if (X509_verify(xs,pkey) <= 0) + else if (X509_verify(xs,pkey) <= 0) /* XXX For the final trusted self-signed cert, * this is a waste of time. That check should * optional so that e.g. 'openssl x509' can be diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 8eaf102480..2cd994c5b0 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -102,17 +102,18 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_RSA: ret|=EVP_PKS_RSA; break; - case EVP_PKS_DSA: + case EVP_PKEY_DSA: ret|=EVP_PKS_DSA; break; - case EVP_PKS_EC: + case EVP_PKEY_EC: ret|=EVP_PKS_EC; break; default: break; } - if (EVP_PKEY_size(pk) <= 512) + if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look + for, not bytes */ ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index be8a6ca72f..e29f366cbe 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -53,7 +53,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index ad6cb08e20..c29eff8a91 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -137,13 +137,15 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if(gen->d.ip->length == 4) - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + BIO_snprintf(oline, sizeof oline, + "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if(gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - sprintf(htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof htmp, + "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7e813db0d7..9a89e43330 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -238,12 +238,12 @@ static int v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:,", 4)) + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p+=4; gen_type = 1; } - if ((strlen(p) >= 5) && !strncmp(p, "ASN1:,", 5)) + else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { p+=5; gen_type = 2; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0d4ab1f680..0d554f3a2c 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; } else { @@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i; + int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; @@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization->type = V_ASN1_IA5STRING; + else nref->organization->type = V_ASN1_VISIBLESTRING; if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { @@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, X509V3_conf_err(cnf); goto err; } - nref->noticenos = nref_nos(nos); + ret = nref_nos(nref->noticenos, nos); sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; + if (!ret) + goto err; } else { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - X509V3_conf_err(cnf); goto err; } @@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, return NULL; } -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - STACK_OF(ASN1_INTEGER) *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; int i; - if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { @@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) } if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; } - return nnums; + return 1; merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return NULL; + return 0; } diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 894a8b94d8..f90829c574 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -156,7 +156,7 @@ ASN1_SEQUENCE(DIST_POINT) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 4e1a1f3a4d..b46ff13613 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; - int i; + int i,nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { @@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method if(!ret) break; vtmp = sk_CONF_VALUE_value(ret, i); i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); - ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); + nlen = strlen(objtmp) + strlen(vtmp->name) + 5; + ntmp = OPENSSL_malloc(nlen); if(!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } - strcpy(ntmp, objtmp); - strcat(ntmp, " - "); - strcat(ntmp, vtmp->name); + BUF_strlcpy(ntmp, objtmp, nlen); + BUF_strlcat(ntmp, " - ", nlen); + BUF_strlcat(ntmp, vtmp->name, nlen); OPENSSL_free(vtmp->name); vtmp->name = ntmp; diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 482ca8ccf5..ca5a4a4a57 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) if(OBJ_obj2nid(ex->object) == nid) { if(idx) { *idx = i; + found_ex = ex; break; } else if(found_ex) { /* Found more than one */ diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 9be6c95a63..8e3b3d8670 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; - if(!X509V3_EXT_print(bp, ex, flag, 12)) + if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); M_ASN1_OCTET_STRING_print(bp,ex->value); diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 4d145f71fd..b1a6d2632a 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -140,7 +140,7 @@ int X509_PURPOSE_get_count(void) X509_PURPOSE * X509_PURPOSE_get0(int idx) { if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } @@ -240,7 +240,7 @@ static void xptable_free(X509_PURPOSE *p) void X509_PURPOSE_cleanup(void) { - int i; + unsigned int i; sk_X509_PURPOSE_pop_free(xptable, xptable_free); for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); xptable = NULL; diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h index 195345d8c6..415c9a6be8 100644 --- a/demos/engines/zencod/hw_zencod.h +++ b/demos/engines/zencod/hw_zencod.h @@ -46,7 +46,7 @@ typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key); /* - * Key managment tools + * Key management tools */ typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data); typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data); diff --git a/demos/ssltest-ecc/README b/demos/ssltest-ecc/README index b045c28fb6..71c070af16 100644 --- a/demos/ssltest-ecc/README +++ b/demos/ssltest-ecc/README @@ -1,6 +1,6 @@ Scripts for using ECC ciphersuites with test/testssl (these ciphersuites are described in the Internet Draft available at -http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt). +http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt). Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate root, client and server certs of the following types: diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 6d010216e7..d0a7703e61 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -384,11 +384,17 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B<no>, especially if combined with the B<-selfsign> command line option. -=item B<serialfile> +=item B<serial> a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. +=item B<crlnumber> + +a text file containing the next CRL number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid CRL number. + =item B<x509_extensions> the same as B<-extensions>. @@ -425,7 +431,7 @@ here, except the B<no_signame> and B<no_sigdump> are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point). -For convenience the values B<default_ca> are accepted by both to produce +For convenience the values B<ca_default> are accepted by both to produce a reasonable output. If neither option is present the format used in earlier versions of @@ -538,8 +544,8 @@ A sample configuration file with the relevant sections for B<ca>: policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN - nameopt = default_ca # Subject name display option - certopt = default_ca # Certificate display option + nameopt = ca_default # Subject name display option + certopt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request [ policy_any ] diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 07dd80eabe..dc0f49ddca 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>, L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, -L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, +L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, +L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 47dc93cb3f..8d19079973 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -8,7 +8,7 @@ s_client - SSL/TLS client program =head1 SYNOPSIS B<openssl> B<s_client> -[B<-connect> host:port>] +[B<-connect host:port>] [B<-verify depth>] [B<-cert filename>] [B<-key filename>] @@ -168,7 +168,7 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B<protocol> is a keyword for the intended protocol. Currently, the only -supported keyword is "smtp". +supported keywords are "smtp" and "pop3". =item B<-engine id> @@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried +B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B<before> submitting a bug report to an OpenSSL mailing list. @@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B<s_client> the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it -is necessary to use the B<-prexit> command and send an HTTP request +is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 50343cd685..21bdfccb9a 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -17,6 +17,8 @@ B<openssl> B<x509> [B<-out filename>] [B<-serial>] [B<-hash>] +[B<-subject_hash>] +[B<-issuer_hash>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] @@ -141,12 +143,20 @@ contained in the certificate. outputs the certificate serial number. -=item B<-hash> +=item B<-subject_hash> outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. +=item B<-issuer_hash> + +outputs the "hash" of the certificate issuer name. + +=item B<-hash> + +synonym for "-hash" for backward compatibility reasons. + =item B<-subject> outputs the subject name. diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod index fdb603b38e..929557d22f 100644 --- a/doc/crypto/BIO_f_base64.pod +++ b/doc/crypto/BIO_f_base64.pod @@ -55,16 +55,15 @@ to standard output: Read Base64 encoded data from standard input and write the decoded data to standard output: - BIO *bio, *b64, bio_out; + BIO *bio, *b64, *bio_out; char inbuf[512]; int inlen; - char message[] = "Hello World \n"; b64 = BIO_new(BIO_f_base64()); bio = BIO_new_fp(stdin, BIO_NOCLOSE); bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); bio = BIO_push(b64, bio); - while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) + while((inlen = BIO_read(bio, inbuf, 512) > 0) BIO_write(bio_out, inbuf, inlen); BIO_free_all(bio); diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index a56ee2b92f..f0b731731f 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -287,8 +287,8 @@ a client and also echoes the request to standard output. return 0; } - BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"); - BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n"); + BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n"); + BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n"); BIO_puts(sbio, "--------------------------------------------------\r\n"); for(;;) { @@ -301,7 +301,7 @@ a client and also echoes the request to standard output. } BIO_puts(sbio, "--------------------------------------------------\r\n"); - BIO_puts(sbio, "</pre>\r\n"); + BIO_puts(sbio, "\r\n"); /* Since there is a buffering BIO present we had better flush it */ BIO_flush(sbio); diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index 5ce4add082..016381f3e9 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -2,7 +2,7 @@ =head1 NAME - EVP_BytesToKey - password based encryption routine +EVP_BytesToKey - password based encryption routine =head1 SYNOPSIS diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 5901c39526..1cb315e739 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -4,7 +4,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod index 486c903430..e63411b5bb 100644 --- a/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -36,7 +36,7 @@ None of the functions return a value. =head1 NOTES -A typical application will will call OpenSSL_add_all_algorithms() initially and +A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting. An application does not need to add algorithms to use them explicitly, for example diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod index e28d107d1c..c971e91f4d 100644 --- a/doc/crypto/RSA_print.pod +++ b/doc/crypto/RSA_print.pod @@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)> RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), DH_print_fp() are available in all versions of SSLeay and OpenSSL. -DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. +DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8. =cut diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod index 9805a7c9f2..891914678c 100644 --- a/doc/crypto/bn_internal.pod +++ b/doc/crypto/bn_internal.pod @@ -72,19 +72,19 @@ applications. typedef struct bignum_st { - int top; /* index of last used d (most significant word) */ - BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ + int top; /* number of words used in d */ + BN_ULONG *d; /* pointer to an array containing the integer value */ int max; /* size of the d array */ int neg; /* sign */ } BIGNUM; -The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s, -least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits -in size (B<BITS2>), depending on the 'number of bits' specified in +The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>), +least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits +in size, depending on the 'number of bits' (B<BITS2>) specified in C<openssl/bn.h>. B<max> is the size of the B<d> array that has been allocated. B<top> -is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is B<0>, the B<d> field can be B<NULL> and B<top> == B<0>. @@ -202,7 +202,7 @@ call bn_expand2(), which allocates a new B<d> array and copies the data. They return B<NULL> on error, B<b> otherwise. The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most -significant non-zero word when B<a> has shrunk. +significant non-zero word plus one when B<a> has shrunk. =head2 Debugging diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod index 6ebd30427b..22c1b50f22 100644 --- a/doc/crypto/d2i_DSAPublicKey.pod +++ b/doc/crypto/d2i_DSAPublicKey.pod @@ -9,6 +9,7 @@ and parsing functions. =head1 SYNOPSIS #include <openssl/dsa.h> + #include <openssl/x509.h> DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); @@ -35,8 +36,8 @@ and parsing functions. d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key components structure. -d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a -SubjectPublicKeyInfo (certificate public key) structure. +d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using +a SubjectPublicKeyInfo (certificate public key) structure. d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key components. diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod index 7c71bcbf3d..279b29c873 100644 --- a/doc/crypto/d2i_RSAPublicKey.pod +++ b/doc/crypto/d2i_RSAPublicKey.pod @@ -9,6 +9,7 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. =head1 SYNOPSIS #include <openssl/rsa.h> + #include <openssl/x509.h> RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); @@ -31,8 +32,8 @@ d2i_Netscape_RSA - RSA public and private key encoding functions. d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey structure. -d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a -SubjectPublicKeyInfo (certificate public key) structure. +d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using +a SubjectPublicKeyInfo (certificate public key) structure. d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey structure. diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 5e3c3d0985..e8e946e18a 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -23,13 +23,13 @@ i2d_X509_fp - X509 encode and decode functions The X509 encode and decode routines encode and parse an B<X509> structure, which represents an X509 certificate. -d2i_X509() attempts to decode B<len> bytes at B<*out>. If +d2i_X509() attempts to decode B<len> bytes at B<*in>. If successful a pointer to the B<X509> structure is returned. If an error occurred then B<NULL> is returned. If B<px> is not B<NULL> then the returned structure is written to B<*px>. If B<*px> is not B<NULL> then it is assumed that B<*px> contains a valid B<X509> structure and an attempt is made to reuse it. If the call is -successful B<*out> is incremented to the byte following the +successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B<x> into DER format. diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 528c73acac..6f0cf1cc5e 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -283,7 +283,7 @@ DES_cbc_encrypt is used. =head1 NOTES Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>. +not suitable for most applications; see L<des_modes(7)|des_modes(7)>. The L<evp(3)|evp(3)> library provides higher-level encryption functions. diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index a4f8cc3337..8613114452 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -330,7 +330,7 @@ most of them are set to 0 or NULL. Read a certificate in PEM format from a BIO: X509 *x; - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); if (x == NULL) { /* Error */ @@ -459,12 +459,12 @@ returned by EVP_bytestokey(). The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore the following: - PEM_read_bio(bp, &x, 0, NULL); + PEM_read_bio_X509(bp, &x, 0, NULL); where B<x> already contains a valid certificate, may not work, whereas: X509_free(x); - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); is guaranteed to work. diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod index 2b3535a746..6df68d604a 100644 --- a/doc/crypto/ui.pod +++ b/doc/crypto/ui.pod @@ -5,7 +5,7 @@ UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, -UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index 2a98739114..42fa66b197 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values: =over 4 -=item 1 +=item 0 The operation succeeded. -=item 0 +=item 1 The operation failed. Check the error queue to find out the reason. diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod index d15b2a3a1a..ca8d81b82c 100644 --- a/doc/ssl/SSL_CTX_set_verify.pod +++ b/doc/ssl/SSL_CTX_set_verify.pod @@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If B<verify_callback> returns 1, the verification process is continued. If B<verify_callback> always returns -1, the TLS/SSL handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using +1, the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its own error storage managed by B<verify_callback>. diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index b8868f18bf..ea2faba3ec 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -68,7 +68,9 @@ should be preferred. SSL_CTX_use_certificate_chain_file() loads a certificate chain from B<file> into B<ctx>. The certificates must be in PEM format and must -be sorted starting with the certificate to the highest level (root CA). +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. There is no corresponding function working on a single SSL object. SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>. diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index a673edba85..cc724c0d56 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -28,7 +28,8 @@ should be called again. If the underlying BIO is B<non-blocking>, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 8426310c0d..cc56ebb75f 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -25,7 +25,8 @@ handshake has been finished or an error occurred. If the underlying BIO is B<non-blocking>, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). diff --git a/doc/ssleay.txt b/doc/ssleay.txt index c6049d5e53..d44d2f04a0 100644 --- a/doc/ssleay.txt +++ b/doc/ssleay.txt @@ -6245,7 +6245,7 @@ SSL_get_app_data void SSL_CTX_set_default_verify /* This callback, if set, totaly overrides the normal SSLeay verification - * functions and should return 1 on sucesss and 0 on failure */ + * functions and should return 1 on success and 0 on failure */ void SSL_CTX_set_cert_verify_callback /* The following are the same as the equivilent SSL_xxx functions. @@ -174,6 +174,13 @@ extern "C" { #define closesocket(s) close(s) #define readsocket(s,b,n) recv((s),(b),(n),0) #define writesocket(s,b,n) send((s),(b),(n),0) +#elif defined(OPENSSL_SYS_VXWORKS) +#define get_last_socket_error() errno +#define clear_socket_error() errno=0 +#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +#define closesocket(s) close(s) +#define readsocket(s,b,n) read((s),(b),(n)) +#define writesocket(s,b,n) write((s),(char *)(b),(n)) #else #define get_last_socket_error() errno #define clear_socket_error() errno=0 @@ -250,7 +257,7 @@ extern "C" { # define EXIT(n) _wsetexit(_WINEXITNOPERSIST) # define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) # else -# define EXIT(n) return(n) +# define EXIT(n) exit(n) # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK @@ -314,6 +321,26 @@ extern "C" { __VMS_EXIT |= 0x10000000; \ exit(__VMS_EXIT); } while(0) # define NO_SYS_PARAM_H + +# elif defined(OPENSSL_SYS_NETWARE) +# include <fcntl.h> +# include <unistd.h> +# define NO_SYS_TYPES_H +# undef DEVRANDOM +# ifdef NETWARE_CLIB +# define getpid GetThreadID +# endif +# define NO_SYSLOG +# define _setmode setmode +# define _kbhit kbhit +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# define OPENSSL_CONF "openssl.cnf" +# define SSLEAY_CONF OPENSSL_CONF +# define RFILE ".rnd" +# define LIST_SEPARATOR_CHAR ';' +# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } + # else /* !defined VMS */ # ifdef OPENSSL_SYS_MPE @@ -331,6 +358,8 @@ extern "C" { # define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP * (unless when compiling with -D_POSIX_SOURCE, * which doesn't work for us) */ +# endif +# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) # define ssize_t int /* ditto */ # endif # ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ @@ -384,6 +413,19 @@ extern HINSTANCE _hInstance; # define SHUTDOWN(fd) MacSocket_close(fd) # define SHUTDOWN2(fd) MacSocket_close(fd) +# elif defined(OPENSSL_SYS_NETWARE) + /* NetWare uses the WinSock2 interfaces + */ +# if defined(NETWARE_CLIB) +# include <ws2nlm.h> +# elif defined(NETWARE_LIBC) +# include <novsock2.h> +# endif +# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } + # else # ifndef NO_SYS_PARAM_H @@ -501,11 +543,33 @@ extern char *sys_errlist[]; extern int sys_nerr; #define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ #endif +#if defined(OPENSSL_SYS_WINDOWS) +# define strcasecmp _stricmp +# define strncasecmp _strnicmp +#elif defined(OPENSSL_SYS_VMS) +/* VMS below version 7.0 doesn't have strcasecmp() */ +# include <openssl/o_str.h> +# define strcasecmp OPENSSL_strcasecmp +# define strncasecmp OPENSSL_strncasecmp +#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) +# define strcasecmp stricmp +# define strncasecmp strnicmp +#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +# define strcasecmp stricmp +# define strncasecmp strnicmp +#else +# ifdef NO_STRINGS_H + int strcasecmp(); + int strncasecmp(); +# else +# include <strings.h> +# endif /* NO_STRINGS_H */ +#endif + #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) # include <io.h> # include <fcntl.h> # define NO_SYSLOG -# define strcasecmp stricmp #endif /* vxworks */ @@ -517,10 +581,6 @@ extern char *sys_errlist[]; extern int sys_nerr; #define TTY_STRUCT int #define sleep(a) taskDelay((a) * sysClkRateGet()) -#if defined(ioctlsocket) -#undef ioctlsocket -#endif -#define ioctlsocket(a,b,c) ioctl((a),(b),*(c)) #include <vxWorks.h> #include <sockLib.h> @@ -76,6 +76,12 @@ extern "C" { # define OPENSSL_SYS_MACINTOSH_CLASSIC #endif +/* ----------------------- NetWare ----------------------------------------- */ +#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_NETWARE +#endif + /* ---------------------- Microsoft operating systems ---------------------- */ /* The 16 bit environments are pretty straightforward */ diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index 6a010e05d6..24787ab758 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -141,10 +141,11 @@ e_4758_cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h e_4758_cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_4758_cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_4758_cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758_cca.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_4758_cca.o: ../include/openssl/x509_vfy.h e_4758_cca.c e_4758_cca_err.c -e_4758_cca.o: e_4758_cca_err.h vendor_defns/hw_4758_cca.h +e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/store.h +e_4758_cca.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_4758_cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_4758_cca.o: e_4758_cca.c e_4758_cca_err.c e_4758_cca_err.h +e_4758_cca.o: vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -152,11 +153,15 @@ e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h -e_aep.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_aep.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_aep.c +e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_aep.o: ../include/openssl/stack.h ../include/openssl/store.h +e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -165,11 +170,15 @@ e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h -e_atalla.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_atalla.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_atalla.c +e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_atalla.o: ../include/openssl/stack.h ../include/openssl/store.h +e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -178,11 +187,15 @@ e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h -e_cswift.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c +e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_cswift.o: ../include/openssl/stack.h ../include/openssl/store.h +e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -190,12 +203,16 @@ e_gmp.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_gmp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_gmp.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_gmp.o: ../include/openssl/err.h ../include/openssl/evp.h +e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_gmp.o: ../include/openssl/ui.h e_gmp.c +e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_gmp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/ui.h ../include/openssl/x509.h +e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -210,10 +227,11 @@ e_ncipher.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_ncipher.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_ncipher.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_ncipher.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_ncipher.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_ncipher.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_ncipher.o: ../include/openssl/x509_vfy.h e_ncipher.c e_ncipher_err.c -e_ncipher.o: e_ncipher_err.h vendor_defns/hwcryptohook.h +e_ncipher.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ncipher.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ncipher.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_ncipher.o: e_ncipher.c e_ncipher_err.c e_ncipher_err.h +e_ncipher.o: vendor_defns/hwcryptohook.h e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -221,11 +239,15 @@ e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h -e_nuron.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_nuron.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_nuron.c +e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_nuron.o: ../include/openssl/stack.h ../include/openssl/store.h +e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c e_nuron.o: e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -241,10 +263,11 @@ e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_sureware.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c -e_sureware.o: e_sureware_err.h vendor_defns/sureware.h +e_sureware.o: ../include/openssl/stack.h ../include/openssl/store.h +e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h +e_sureware.o: vendor_defns/sureware.h e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -252,9 +275,13 @@ e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h -e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_ubsec.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_ubsec.c +e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_ubsec.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 68a628229d..b006ed8763 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -76,7 +76,7 @@ static int ibm_4758_cca_destroy(ENGINE *e); static int ibm_4758_cca_init(ENGINE *e); static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* rsa functions */ /*---------------*/ @@ -343,7 +343,7 @@ static int ibm_4758_cca_finish(ENGINE *e) return 1; } -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((dso == NULL) ? 0 : 1); switch(cmd) @@ -390,7 +390,7 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[256]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -482,7 +482,7 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); + unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[512]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; @@ -922,7 +922,7 @@ static int cca_get_random_bytes(unsigned char* buf, int num) unsigned char form[] = "RANDOM "; unsigned char rand_buf[8]; - while(num >= sizeof(rand_buf)) + while(num >= (int)sizeof(rand_buf)) { randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, exit_data, form, rand_buf); diff --git a/engines/e_aep.c b/engines/e_aep.c index 46ccac2823..5083c80ef8 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -88,7 +88,7 @@ typedef int pid_t; static int aep_init(ENGINE *e); static int aep_finish(ENGINE *e); -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int aep_destroy(ENGINE *e); static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); @@ -554,7 +554,7 @@ static int aep_finish(ENGINE *e) return to_return; } -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((aep_dso == NULL) ? 0 : 1); switch(cmd) @@ -852,7 +852,11 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +#ifndef NETWARE_CLIB curr_pid = getpid(); +#else + curr_pid = GetThreadID(); +#endif /*Check if this is the first time this is being called from the current process*/ diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 64dcc046e8..79abc70678 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -78,7 +78,7 @@ static int atalla_destroy(ENGINE *e); static int atalla_init(ENGINE *e); static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -406,7 +406,7 @@ static int atalla_finish(ENGINE *e) return 1; } -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((atalla_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 28a51d1bfd..793aaccb11 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -92,7 +92,7 @@ static int cswift_destroy(ENGINE *e); static int cswift_init(ENGINE *e); static int cswift_finish(ENGINE *e); -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -439,7 +439,7 @@ static int cswift_finish(ENGINE *e) return 1; } -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((cswift_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_gmp.c b/engines/e_gmp.c index 8d778fcbf7..64cb039ed8 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -97,7 +97,7 @@ static int e_gmp_destroy(ENGINE *e); static int e_gmp_init(ENGINE *e); static int e_gmp_finish(ENGINE *e); -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); #ifndef OPENSSL_NO_RSA /* RSA stuff */ @@ -230,7 +230,7 @@ static int e_gmp_finish(ENGINE *e) return 1; } -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index bf95ca8612..e416cffedb 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -88,7 +88,7 @@ static int hwcrhk_destroy(ENGINE *e); static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Functions to handle mutexes */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); @@ -648,7 +648,7 @@ static int hwcrhk_finish(ENGINE *e) return to_return; } -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_nuron.c b/engines/e_nuron.c index f9c3795033..e3a9406c49 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -156,7 +156,7 @@ static int nuron_finish(ENGINE *e) return 1; } -static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((pvDSOHandle == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_sureware.c b/engines/e_sureware.c index cae8bf4856..8e77e5c282 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -69,7 +69,7 @@ #define SUREWARE_LIB_NAME "sureware engine" #include "e_sureware_err.c" -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int surewarehk_destroy(ENGINE *e); static int surewarehk_init(ENGINE *e); static int surewarehk_finish(ENGINE *e); @@ -368,7 +368,7 @@ static BIO *logstream = NULL; * called, the checking and error handling is probably down there. */ static int threadsafe=1; -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 02927d7b38..094458887c 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -82,7 +82,7 @@ static int ubsec_destroy(ENGINE *e); static int ubsec_init(ENGINE *e); static int ubsec_finish(ENGINE *e); -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -518,7 +518,7 @@ static int ubsec_finish(ENGINE *e) return 1; } -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((ubsec_dso == NULL) ? 0 : 1); switch(cmd) @@ -566,7 +566,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); return 0; } - memset(r->d, 0, BN_num_bytes(m)); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h index 1d3789219d..4bc22027f9 100644 --- a/engines/vendor_defns/sureware.h +++ b/engines/vendor_defns/sureware.h @@ -232,7 +232,7 @@ extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; * mlen,elen and dlen are all multiple of sizeof(unsigned long) */ typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod, - int elen,const unsigned long *exp, + int elen,const unsigned long *exponent, int dlen,unsigned long *data, unsigned long *res); extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp; diff --git a/openssl.spec b/openssl.spec index 3085d3e94b..3979cb85a8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced. %build -%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr +%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir} perl util/perlpath.pl /usr/bin/perl %ifarch i386 i486 i586 i686 -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared +./Configure %{CONFIG_FLAGS} linux-elf shared %endif %ifarch ppc -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared +./Configure %{CONFIG_FLAGS} linux-ppc shared %endif %ifarch alpha -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared +./Configure %{CONFIG_FLAGS} linux-alpha shared %endif LD_LIBRARY_PATH=`pwd` make LD_LIBRARY_PATH=`pwd` make rehash @@ -102,12 +102,7 @@ LD_LIBRARY_PATH=`pwd` make test %install rm -rf $RPM_BUILD_ROOT -make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install - -# Rename manpages -for x in $RPM_BUILD_ROOT/usr/man/man*/* - do mv ${x} ${x}ssl -done +make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install # Make backwards-compatibility symlink to ssleay ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay @@ -135,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %attr(0644,root,root) /usr/lib/*.a +%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc %attr(0644,root,root) /usr/include/openssl/* %attr(0644,root,root) /usr/man/man[3]/* @@ -150,6 +146,8 @@ ldconfig ldconfig %changelog +* Wed May 7 2003 Richard Levitte <richard@levitte.org> +- Add /usr/lib/pkgconfig/openssl.pc to the development section. * Thu Mar 22 2001 Richard Levitte <richard@levitte.org> - Removed redundant subsection that re-installed libcrypto.a and libssl.a as well. Also remove RSAref stuff completely, since it's not needed diff --git a/os2/OS2-EMX.cmd b/os2/OS2-EMX.cmd index acab99ac39..5924b50b6d 100644 --- a/os2/OS2-EMX.cmd +++ b/os2/OS2-EMX.cmd @@ -64,3 +64,39 @@ echo RC5\32 cd crypto\rc5\asm perl rc5-586.pl a.out > r5-os2.asm cd ..\..\.. + +cd os2 + +if exist noname\backward_ssl.def goto nomkdir +mkdir noname +:nomkdir + +perl backwardify.pl crypto.def >backward_crypto.def +perl backwardify.pl ssl.def >backward_ssl.def +perl backwardify.pl -noname crypto.def >noname\backward_crypto.def +perl backwardify.pl -noname ssl.def >noname\backward_ssl.def + +echo Creating backward compatibility forwarder dlls: +echo crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085 +echo ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085 + +echo Creating smaller backward compatibility forwarder dlls: +echo These DLLs are not good for runtime resolution of symbols. +echo noname\crypto.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085 +echo noname\ssl.dll +gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085 + +echo Compressing forwarders (it is ok if lxlite is not found): +lxlite *.dll noname/*.dll + +cd .. + +echo Now run: +echo For static build: +echo make -f OS2-EMX.mak +echo For dynamic build: +echo make -f OS2-EMX-DLL.mak +echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index c1e34b2410..fad68f3af7 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -55,14 +55,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib shared +all: shared lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -shared: +shared: lib if [ -n "$(SHARED_LIBS)" ]; then \ (cd ..; $(MAKE) $(SHARED_LIB)); \ fi @@ -71,7 +71,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) diff --git a/ssl/kssl.c b/ssl/kssl.c index a80f5b2f74..7c45f8ff4e 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1496,8 +1496,9 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, "bad ticket from krb5_rd_req.\n"); } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data)) + &krb5ticket->enc_part2->client->realm, + krb5ticket->enc_part2->client->data, + krb5ticket->enc_part2->client->length)) { kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, "kssl_ctx_setprinc() fails.\n"); @@ -1564,16 +1565,17 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) } -/* Given a (krb5_data *) entity (and optional realm), +/* Given an array of (krb5_data *) entity (and optional realm), ** set the plain (char *) client_princ or service_host member ** of the kssl_ctx struct. */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity) + krb5_data *realm, krb5_data *entity, int nentities) { char **princ; int length; + int i; if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR; @@ -1585,18 +1587,33 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } if (*princ) free(*princ); - length = entity->length + ((realm)? realm->length + 2: 1); + /* Add up all the entity->lengths */ + length = 0; + for (i=0; i < nentities; i++) + { + length += entity[i].length; + } + /* Add in space for the '/' character(s) (if any) */ + length += nentities-1; + /* Space for the ('@'+realm+NULL | NULL) */ + length += ((realm)? realm->length + 2: 1); + if ((*princ = calloc(1, length)) == NULL) return KSSL_CTX_ERR; else - { - strncpy(*princ, entity->data, entity->length); - (*princ)[entity->length]='\0'; + { + for (i = 0; i < nentities; i++) + { + strncat(*princ, entity[i].data, entity[i].length); + if (i < nentities-1) + { + strcat (*princ, "/"); + } + } if (realm) { strcat (*princ, "@"); (void) strncat(*princ, realm->data, realm->length); - (*princ)[entity->length+1+realm->length]='\0'; } } diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd168..19a689b089 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -149,7 +149,7 @@ KSSL_CTX *kssl_ctx_new(void); KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); void kssl_ctx_show(KSSL_CTX *kssl_ctx); krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity); + krb5_data *realm, krb5_data *entity, int nentities); krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, krb5_data *authenp, KSSL_ERR *kssl_err); krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 1d24dedc91..da88460259 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -116,7 +116,6 @@ #include <openssl/buffer.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -668,7 +667,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - if (i > sizeof sess->master_key) + if (i > (int)sizeof(sess->master_key)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); @@ -688,7 +687,7 @@ static int client_master_key(SSL *s) else enc=i; - if (i < enc) + if ((int)i < enc) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); @@ -717,7 +716,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - if (karg > sizeof sess->key_arg) + if (karg > (int)sizeof(sess->key_arg)) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index d3b144f1c5..18882bf704 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -59,7 +59,6 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include <stdio.h> -#include "cryptlib.h" int ssl2_enc_init(SSL *s, int client) { @@ -101,7 +100,7 @@ int ssl2_enc_init(SSL *s, int client) if (ssl2_generate_key_material(s) <= 0) return 0; - OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 910b9fe097..4a86ac2dd6 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -63,7 +63,6 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> -#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -139,6 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* IDEA_128_CBC_WITH_MD5 */ +#ifndef OPENSSL_NO_IDEA { 1, SSL2_TXT_IDEA_128_CBC_WITH_MD5, @@ -151,6 +151,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* DES_64_CBC_WITH_MD5 */ { 1, @@ -371,7 +372,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { @@ -437,7 +438,8 @@ int ssl2_generate_key_material(SSL *s) EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + if (s->session->master_key_length < 0 || + s->session->master_key_length > (int)sizeof(s->session->master_key)) { SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; @@ -445,7 +447,8 @@ int ssl2_generate_key_material(SSL *s) for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > + (int)sizeof(s->s2->key_material)) { /* EVP_DigestFinal_ex() below would write beyond buffer */ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); @@ -456,7 +459,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < sizeof s->session->master_key); + < (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -495,7 +498,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - OPENSSL_assert(error >= 0 && error <= sizeof buf); + OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index d82f137613..a10929a757 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -113,7 +113,6 @@ #ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <errno.h> -#include "cryptlib.h" #define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 62859a2d95..5da2a54af3 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -116,7 +116,6 @@ #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include "cryptlib.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 211dd03b11..cd70bb1fb9 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -130,7 +130,6 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/md5.h> -#include "cryptlib.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); @@ -582,7 +581,7 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { - if (i > sizeof s->session->session_id) + if (i > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; @@ -1870,6 +1869,7 @@ static int ssl3_send_client_key_exchange(SSL *s) { EC_GROUP *srvr_group = NULL; int ecdh_clnt_cert = 0; + int field_size = 0; /* Did we send out the client's * ECDH share for use in premaster @@ -1962,7 +1962,21 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(clnt_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + else + n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2146,6 +2160,7 @@ static int ssl3_send_client_verify(SSL *s) *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); + s->state=SSL3_ST_CW_CERT_VRFY_B; s->init_num=(int)n+4; s->init_off=0; } @@ -2338,7 +2353,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) if (algs & SSL_kRSA) { if (rsa == NULL - || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) + || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -2350,7 +2365,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { if (dh == NULL - || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) + || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; @@ -2375,7 +2390,8 @@ err: /* This is the complement of nid2curve_id in s3_srvr.c. */ static int curve_id2nid(int curve_id) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ static int nid_list[26] = { 0, diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 559924d368..5d133eef14 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -139,7 +139,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; - int i,j,k; + unsigned int i,j,k; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /*'A' in ASCII */ @@ -147,7 +147,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) k=0; EVP_MD_CTX_init(&m5); EVP_MD_CTX_init(&s1); - for (i=0; i<num; i+=MD5_DIGEST_LENGTH) + for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) { k++; if (k > sizeof buf) @@ -172,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); - if ((i+MD5_DIGEST_LENGTH) > num) + if ((int)(i+MD5_DIGEST_LENGTH) > num) { EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); @@ -199,10 +199,10 @@ int ssl3_change_cipher_state(SSL *s, int which) COMP_METHOD *comp; const EVP_MD *m; EVP_MD_CTX md; - int exp,n,i,j,k,cl; + int is_exp,n,i,j,k,cl; int reuse_dd = 0; - exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); + is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; m=s->s3->tmp.new_hash; if (s->s3->tmp.new_compression == NULL) @@ -276,9 +276,9 @@ int ssl3_change_cipher_state(SSL *s, int which) p=s->s3->tmp.key_block; i=EVP_MD_size(m); cl=EVP_CIPHER_key_length(c); - j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? + j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ + /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) @@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); - if (exp) + if (is_exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2145385ccd..1ff9e3093b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -284,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 07 */ +#ifndef OPENSSL_NO_IDEA { 1, SSL3_TXT_RSA_IDEA_128_SHA, @@ -296,6 +297,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* Cipher 08 */ { 1, @@ -1914,7 +1916,7 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; SSL_CIPHER c,*cp= &c,**cpp; unsigned long id; - int i; + unsigned int i; if (init) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e941068416..c426cd444b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -133,9 +133,10 @@ #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_KRB5 #include <openssl/krb5_asn.h> +#endif #include <openssl/md5.h> -#include "cryptlib.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); @@ -456,10 +457,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -883,6 +885,9 @@ static int ssl3_get_client_hello(SSL *s) } /* TLS does not mind if there is extra stuff */ +#if 0 /* SSL 3.0 does not mind either, so we should disable this test + * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, + * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ if (s->version == SSL3_VERSION) { if (p < (d+n)) @@ -894,6 +899,7 @@ static int ssl3_get_client_hello(SSL *s) goto f_err; } } +#endif /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ @@ -1011,7 +1017,7 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; - if (sl > sizeof s->session->session_id) + if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return -1; @@ -1569,6 +1575,7 @@ static int ssl3_send_certificate_request(SSL *s) s->init_num += 4; #endif + s->state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ @@ -1958,6 +1965,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if ((l & SSL_kECDH) || (l & SSL_kECDHE)) { int ret = 1; + int field_size = 0; /* initialize structures for server's ECDH key pair */ if ((srvr_ecdh = EC_KEY_new()) == NULL) @@ -2058,7 +2066,21 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(srvr_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + else + i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2455,7 +2477,8 @@ int ssl3_send_server_certificate(SSL *s) /* This is the complement of curve_id2nid in s3_clnt.c. */ static int nid2curve_id(int nid) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ switch (nid) { case NID_sect163k1: /* sect163k1 (1) */ return 1; @@ -1198,6 +1198,11 @@ int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); char * SSL_CIPHER_get_version(SSL_CIPHER *c); const char * SSL_CIPHER_get_name(SSL_CIPHER *c); +const COMP_METHOD *SSL_get_current_compression(SSL *s); +const COMP_METHOD *SSL_get_current_expansion(SSL *s); +const char *SSL_COMP_get_name(const COMP_METHOD *comp); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); + int SSL_get_fd(SSL *s); int SSL_get_rfd(SSL *s); int SSL_get_wfd(SSL *s); @@ -1372,8 +1377,8 @@ const char *SSL_alert_type_string(int value); const char *SSL_alert_desc_string_long(int value); const char *SSL_alert_desc_string(int value); -void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); @@ -1485,8 +1490,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, #endif #ifndef OPENSSL_NO_COMP +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else +void *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,char *cm); #endif @@ -1701,6 +1708,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 7c8a451fc5..1a41b9967c 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -109,6 +109,12 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif +#ifndef OPENSSL_NO_COMP + /* This will initialise the built-in compression algorithms. + The value returned is a STACK_OF(SSL_COMP), but that can + be discarded safely */ + (void)SSL_COMP_get_compression_methods(); +#endif return(1); } diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 16bc11b559..9edc447b29 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -62,7 +62,6 @@ #include <openssl/asn1_mac.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include "cryptlib.h" typedef struct ssl_session_asn1_st { @@ -295,11 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if (os.length > i) os.length = i; - if (os.length > sizeof ret->session_id) /* can't happen */ - os.length = sizeof ret->session_id; + if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ + os.length = sizeof(ret->session_id); ret->session_id_length=os.length; - OPENSSL_assert(os.length <= sizeof ret->session_id); + OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 144b90dd17..9fa4e61633 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -534,12 +534,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) return(i); } -static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) +static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) { if (*ca_list != NULL) sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); - *ca_list=list; + *ca_list=name_list; } STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) @@ -561,14 +561,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) return(ret); } -void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) +void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(s->client_CA),list); + set_client_CA_list(&(s->client_CA),name_list); } -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(ctx->client_CA),list); + set_client_CA_list(&(ctx->client_CA),name_list); } STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) @@ -794,7 +794,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); - if (r <= 0 || r >= sizeof buf) + if (r <= 0 || r >= (int)sizeof(buf)) goto err; if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) goto err; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index f175dc8756..c31927706a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -135,7 +135,9 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, +#ifndef OPENSSL_NO_IDEA {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, +#endif {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, @@ -176,8 +178,12 @@ static void load_ciphers(void) EVP_get_cipherbyname(SN_rc4); ssl_cipher_methods[SSL_ENC_RC2_IDX]= EVP_get_cipherbyname(SN_rc2_cbc); +#ifndef OPENSSL_NO_IDEA ssl_cipher_methods[SSL_ENC_IDEA_IDX]= EVP_get_cipherbyname(SN_idea_cbc); +#else + ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; +#endif ssl_cipher_methods[SSL_ENC_AES128_IDX]= EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= @@ -381,10 +387,10 @@ static unsigned long ssl_cipher_get_disabled(void) } static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, + int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - int i, list_num; + int i, co_list_num; SSL_CIPHER *c; /* @@ -395,18 +401,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, */ /* Get the initial list of ciphers */ - list_num = 0; /* actual count of ciphers */ + co_list_num = 0; /* actual count of ciphers */ for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && !(c->algorithms & mask)) { - list[list_num].cipher = c; - list[list_num].next = NULL; - list[list_num].prev = NULL; - list[list_num].active = 0; - list_num++; + co_list[co_list_num].cipher = c; + co_list[co_list_num].next = NULL; + co_list[co_list_num].prev = NULL; + co_list[co_list_num].active = 0; + co_list_num++; #ifdef KSSL_DEBUG printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); #endif /* KSSL_DEBUG */ @@ -419,18 +425,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* * Prepare linked list from list entries */ - for (i = 1; i < list_num - 1; i++) + for (i = 1; i < co_list_num - 1; i++) { - list[i].prev = &(list[i-1]); - list[i].next = &(list[i+1]); + co_list[i].prev = &(co_list[i-1]); + co_list[i].next = &(co_list[i+1]); } - if (list_num > 0) + if (co_list_num > 0) { - (*head_p) = &(list[0]); + (*head_p) = &(co_list[0]); (*head_p)->prev = NULL; - (*head_p)->next = &(list[1]); - (*tail_p) = &(list[list_num - 1]); - (*tail_p)->prev = &(list[list_num - 2]); + (*head_p)->next = &(co_list[1]); + (*tail_p) = &(co_list[co_list_num - 1]); + (*tail_p)->prev = &(co_list[co_list_num - 2]); (*tail_p)->next = NULL; } } @@ -476,7 +482,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, - int rule, int strength_bits, CIPHER_ORDER *list, + int rule, int strength_bits, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; @@ -571,8 +577,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, *tail_p = tail; } -static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, - CIPHER_ORDER **tail_p) +static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, + CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { int max_strength_bits, i, *number_uses; CIPHER_ORDER *curr; @@ -617,14 +624,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, - list, head_p, tail_p); + co_list, head_p, tail_p); OPENSSL_free(number_uses); return(1); } static int ssl_cipher_process_rulestr(const char *rule_str, - CIPHER_ORDER *list, CIPHER_ORDER **head_p, + CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) { unsigned long algorithms, mask, algo_strength, mask_strength; @@ -749,7 +756,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ok = 0; if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(list, + ok = ssl_cipher_strength_sort(co_list, head_p, tail_p); else SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -769,7 +776,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, { ssl_cipher_apply_rule(algorithms, mask, algo_strength, mask_strength, rule, -1, - list, head_p, tail_p); + co_list, head_p, tail_p); } else { @@ -791,7 +798,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, unsigned long disabled_mask; STACK_OF(SSL_CIPHER) *cipherstack; const char *rule_p; - CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; SSL_CIPHER **ca_list = NULL; /* @@ -821,15 +828,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, #ifdef KSSL_DEBUG printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); #endif /* KSSL_DEBUG */ - list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (list == NULL) + co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, - list, &head, &tail); + co_list, &head, &tail); /* * We also need cipher aliases for selecting based on the rule_str. @@ -845,7 +852,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(list); + OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } @@ -861,21 +868,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (strncmp(rule_str,"DEFAULT",7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, - list, &head, &tail, ca_list); + co_list, &head, &tail, ca_list); rule_p += 7; if (*rule_p == ':') rule_p++; } if (ok && (strlen(rule_p) > 0)) - ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, + ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, ca_list); OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ - OPENSSL_free(list); + OPENSSL_free(co_list); return(NULL); } /* @@ -884,7 +891,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { - OPENSSL_free(list); + OPENSSL_free(co_list); return(NULL); } @@ -902,7 +909,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, #endif } } - OPENSSL_free(list); /* Not needed any longer */ + OPENSSL_free(co_list); /* Not needed any longer */ /* * The following passage is a little bit odd. If pointer variables @@ -952,7 +959,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) { int is_export,pkl,kl; - char *ver,*exp; + char *ver,*exp_str; char *kx,*au,*enc,*mac; unsigned long alg,alg2,alg_s; #ifdef KSSL_DEBUG @@ -968,7 +975,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) is_export=SSL_C_IS_EXPORT(cipher); pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); kl=SSL_C_EXPORT_KEYLENGTH(cipher); - exp=is_export?" export":""; + exp_str=is_export?" export":""; if (alg & SSL_SSLV2) ver="SSLv2"; @@ -1094,9 +1101,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) return("Buffer too small"); #ifdef KSSL_DEBUG - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); #else - BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); #endif /* KSSL_DEBUG */ return(buf); } @@ -1182,17 +1189,33 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) comp->id=id; comp->method=cm; load_builtin_compressions(); - if ((ssl_comp_methods == NULL) + if (ssl_comp_methods + && !sk_SSL_COMP_find(ssl_comp_methods,comp)) + { + OPENSSL_free(comp); + MemCheck_on(); + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); + return(1); + } + else if ((ssl_comp_methods == NULL) || !sk_SSL_COMP_push(ssl_comp_methods,comp)) { OPENSSL_free(comp); MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); - return(0); + return(1); } else { MemCheck_on(); - return(1); + return(0); } } + +const char *SSL_COMP_get_name(const COMP_METHOD *comp) + { + if (comp) + return comp->name; + return NULL; + } + diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b9a50b8e63..359ea45b94 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, +{SSL_R_DUPLICATE_COMPRESSION_ID ,"duplicate compression id"}, {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER ,"ecgroup too large for cipher"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, {SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ea76cf1172..b7b2e4086a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,7 +125,6 @@ #include <openssl/objects.h> #include <openssl/lhash.h> #include <openssl/x509v3.h> -#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -477,6 +476,11 @@ void SSL_free(SSL *s) if (s->method != NULL) s->method->ssl_free(s); +#ifndef OPENSSL_NO_KRB5 + if (s->kssl_ctx != NULL) + kssl_ctx_free(s->kssl_ctx); +#endif /* OPENSSL_NO_KRB5 */ + OPENSSL_free(s); } @@ -2202,6 +2206,20 @@ SSL_CIPHER *SSL_get_current_cipher(SSL *s) return(NULL); } +const COMP_METHOD *SSL_get_current_compression(SSL *s) + { + if (s->compress != NULL) + return(s->compress->meth); + return(NULL); + } + +const COMP_METHOD *SSL_get_current_expansion(SSL *s) + { + if (s->expand != NULL) + return(s->expand->meth); + return(NULL); + } + int ssl_init_wbio_buffer(SSL *s,int push) { BIO *bbio; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 03828b6632..330390519b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(0); } + ERR_clear_error(); /* make sure no error from X509_check_private_key() + * is left if we have chosen to ignore it */ if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b4fb90448f..85581d43ca 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -60,7 +60,6 @@ #include <openssl/lhash.h> #include <openssl/rand.h> #include "ssl_locl.h" -#include "cryptlib.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); @@ -79,11 +78,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a304398b9f..68eb654572 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -157,6 +157,9 @@ #elif defined(OPENSSL_SYS_WINCE) # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" +#elif defined(OPENSSL_SYS_NETWARE) +# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" +# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" #else # define TEST_SERVER_CERT "../apps/server.pem" # define TEST_CLIENT_CERT "../apps/client.pem" @@ -164,8 +167,8 @@ /* There is really no standard for this, so let's assign some tentative numbers. In any case, these numbers are only for this test */ -#define COMP_RLE 1 -#define COMP_ZLIB 2 +#define COMP_RLE 255 +#define COMP_ZLIB 1 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA @@ -303,7 +306,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; @@ -373,7 +376,7 @@ int main(int argc, char *argv[]) SSL_METHOD *meth=NULL; SSL *c_ssl,*s_ssl; int number=1,reuse=0; - long bytes=1L; + long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; @@ -387,6 +390,7 @@ int main(int argc, char *argv[]) clock_t s_time = 0, c_time = 0; int comp = 0; COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; verbose = 0; debug = 0; @@ -594,7 +598,14 @@ bad: if (cm != NULL) { if (cm->type != NID_undef) - SSL_COMP_add_compression_method(comp, cm); + { + if (SSL_COMP_add_compression_method(comp, cm) != 0) + { + fprintf(stderr, + "Failed to add compression method\n"); + ERR_print_errors_fp(stderr); + } + } else { fprintf(stderr, @@ -605,6 +616,19 @@ bad: ERR_print_errors_fp(stderr); } } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + fprintf(stderr, "Available compression methods:\n"); + { + int j, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (j = 0; j < n; j++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); + fprintf(stderr, " %d: %s\n", c->id, c->name); + } + } #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) @@ -1329,8 +1353,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) { if (c_write) { - j=(cw_num > (long)sizeof(cbuf)) - ?sizeof(cbuf):(int)cw_num; + j = (cw_num > (long)sizeof(cbuf)) ? + (int)sizeof(cbuf) : (int)cw_num; i=BIO_write(c_bio,cbuf,j); if (i < 0) { @@ -1460,8 +1484,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) } else { - j=(sw_num > (long)sizeof(sbuf))? - sizeof(sbuf):(int)sw_num; + j = (sw_num > (long)sizeof(sbuf)) ? + (int)sizeof(sbuf) : (int)sw_num; i=BIO_write(s_bio,sbuf,j); if (i < 0) { diff --git a/ssl/tls1.h b/ssl/tls1.h index 7f4a2f3085..be15445384 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -131,6 +131,10 @@ extern "C" { * suites to use 5B and 5C instead (this may change with future * updates to the IETF draft). */ +/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of + * ciphersuites, but does not define numbers for all of them + * because of possible conflicts with other Internet Drafts; + * most numbers are still subject to change. */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 #define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 diff --git a/test/.cvsignore b/test/.cvsignore index 58236039d6..fd1ddb0026 100644 --- a/test/.cvsignore +++ b/test/.cvsignore @@ -13,3 +13,4 @@ reqU.ss certU.ss Makefile.save tmp.bntest +evptests.txt diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 2b61e6f007..64fc8d779d 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -109,11 +109,11 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @@$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile generate: $(SRC) $(SRC): - @$(TOP)/util/point.sh dummytest.c $@ + @sh $(TOP)/util/point.sh dummytest.c $@ errors: @@ -811,17 +811,14 @@ dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c -dsatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -dsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -dsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -dsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -dsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -dsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h +dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c +dsatest.o: ../include/openssl/symhacks.h dsatest.c ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h @@ -833,55 +830,69 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ecdsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -ecdsatest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/ui.h ecdsatest.c +ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ectest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ectest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ectest.o: ../include/openssl/x509_vfy.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h enginetest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h enginetest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +enginetest.o: ../include/openssl/err.h ../include/openssl/evp.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enginetest.o: ../include/openssl/ui.h enginetest.c +enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h +enginetest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/ui.h ../include/openssl/x509.h +enginetest.o: ../include/openssl/x509_vfy.h enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/bn.h ../include/openssl/conf.h -evp_test.o: ../include/openssl/crypto.h ../include/openssl/dh.h -evp_test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_test.o: ../include/openssl/bn.h ../include/openssl/buffer.h +evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h +evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h +evp_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_test.o: ../include/openssl/engine.h ../include/openssl/err.h +evp_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h +evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h evp_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h evp_test.c +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/store.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -952,15 +963,12 @@ rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h rmdtest.o: ../include/openssl/symhacks.h rmdtest.c rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h -rsa_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h -rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -rsa_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -rsa_test.o: ../include/openssl/engine.h ../include/openssl/err.h +rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -rsa_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h rsa_test.c +rsa_test.o: ../include/openssl/symhacks.h rsa_test.c sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sha1test.o: ../include/openssl/bn.h ../include/openssl/crypto.h sha1test.o: ../include/openssl/e_os2.h ../include/openssl/evp.h @@ -994,6 +1002,6 @@ ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/ui.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ssltest.c +ssltest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c diff --git a/tools/Makefile.ssl b/tools/Makefile.ssl index bf0cd29c77..cb33d4a41e 100644 --- a/tools/Makefile.ssl +++ b/tools/Makefile.ssl @@ -42,7 +42,7 @@ files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - @$(TOP)/util/point.sh Makefile.ssl Makefile + @sh $(TOP)/util/point.sh Makefile.ssl Makefile lint: diff --git a/util/extract-names.pl b/util/extract-names.pl index d413a045cc..744a8e2324 100644 --- a/util/extract-names.pl +++ b/util/extract-names.pl @@ -9,8 +9,10 @@ while(<STDIN>) { } elsif ($name) { if (/ - /) { s/ - .*//; - s/[ \t,]+/ /g; - push @words, split ' '; + s/,[ \t]+/,/g; + s/^[ \t]+//g; + s/[ \t]+$//g; + push @words, split ','; } } if (/^=head1 *NAME *$/) { diff --git a/util/libeay.num b/util/libeay.num index 865fa9fe75..cc60c323ab 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1104,7 +1104,7 @@ BN_RECP_CTX_set 1131 EXIST::FUNCTION: BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: BN_mod_exp_recp 1133 EXIST::FUNCTION: BN_div_recp 1134 EXIST::FUNCTION: -BN_CTX_init 1135 EXIST::FUNCTION: +BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED BN_MONT_CTX_init 1136 EXIST::FUNCTION: RAND_get_rand_method 1137 EXIST::FUNCTION: PKCS7_add_attribute 1138 EXIST::FUNCTION: @@ -2802,223 +2802,349 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: BN_get0_nist_prime_384 3246 EXIST::FUNCTION: -ENGINE_register_ECDSA 3247 EXIST::FUNCTION:ENGINE -BN_nist_mod_192 3248 EXIST::FUNCTION: -EC_GROUP_get_trinomial_basis 3249 EXIST::FUNCTION:EC -ECDH_get_default_method 3250 EXIST::FUNCTION:ECDH -PKCS12_add_safe 3251 EXIST::FUNCTION: -ENGINE_register_ECDH 3252 EXIST::FUNCTION:ENGINE -i2d_ECPrivateKey 3253 EXIST::FUNCTION:EC -BN_get0_nist_prime_192 3254 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GF2m 3255 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GF2m 3255 EXIST:VMS:FUNCTION:EC -BN_GF2m_mod_exp_arr 3256 EXIST::FUNCTION: -X509_keyid_get0 3257 EXIST::FUNCTION: -EC_GROUP_new_by_nid 3258 EXIST::FUNCTION:EC -BN_GF2m_mod_mul_arr 3259 EXIST::FUNCTION: -EC_KEY_copy 3260 EXIST::FUNCTION:EC -EC_GROUP_check_discriminant 3261 EXIST::FUNCTION:EC -EC_POINT_point2bn 3262 EXIST::FUNCTION:EC -EC_GROUP_new_curve_GF2m 3263 EXIST::FUNCTION:EC -EVP_PKEY_get1_EC_KEY 3264 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3265 EXIST::FUNCTION:ENGINE -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_NDEF_it 3266 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3267 EXIST::FUNCTION:ENGINE -ECDSA_SIG_new 3268 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_sqr 3269 EXIST::FUNCTION: -EC_POINT_bn2point 3270 EXIST::FUNCTION:EC -EC_GROUP_get_point_conversion_form 3271 EXIST:!VMS:FUNCTION:EC -EC_GROUP_get_point_conv_form 3271 EXIST:VMS:FUNCTION:EC -PEM_read_bio_ECPKParameters 3272 EXIST::FUNCTION:EC -EC_GROUP_get_pentanomial_basis 3273 EXIST::FUNCTION:EC -EC_GROUP_get_nid 3274 EXIST::FUNCTION:EC -ECDSA_sign_setup 3275 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_solve_quad_arr 3276 EXIST::FUNCTION: -EC_KEY_up_ref 3277 EXIST::FUNCTION:EC -BN_GF2m_mod_div 3278 EXIST::FUNCTION: -EC_KEY_free 3279 EXIST::FUNCTION:EC -PEM_write_bio_ECPrivateKey 3280 EXIST::FUNCTION:EC -d2i_EC_PUBKEY 3281 EXIST::FUNCTION:EC -EC_KEY_print_fp 3282 EXIST::FUNCTION:EC,FP_API -BN_GF2m_mod_arr 3283 EXIST::FUNCTION: -PEM_write_bio_X509_CERT_PAIR 3284 EXIST::FUNCTION: -ECDH_get_ex_data 3285 EXIST::FUNCTION:ECDH -ECDSA_do_sign 3286 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3287 EXIST::FUNCTION:ENGINE -ECDH_OpenSSL 3288 EXIST::FUNCTION:ECDH -EC_POINT_dup 3289 EXIST::FUNCTION:EC -EC_get_builtin_curves 3290 EXIST::FUNCTION:EC -EVP_PKEY_set1_EC_KEY 3291 EXIST::FUNCTION:EC -BN_GF2m_mod_sqrt_arr 3292 EXIST::FUNCTION: -i2d_ECPrivateKey_bio 3293 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3294 EXIST::FUNCTION:EC,FP_API -ECDSA_SIG_free 3295 EXIST::FUNCTION:ECDSA -PEM_write_bio_ECPKParameters 3296 EXIST::FUNCTION:EC -EC_GROUP_set_nid 3297 EXIST::FUNCTION:EC -PKCS12_add_safes 3298 EXIST::FUNCTION: -BN_GF2m_poly2arr 3299 EXIST::FUNCTION: -BN_get0_nist_prime_224 3300 EXIST::FUNCTION: -i2d_ECParameters 3301 EXIST::FUNCTION:EC -i2d_ECPKParameters 3302 EXIST::FUNCTION:EC -BN_ncopy 3303 EXIST::FUNCTION: -d2i_ECPKParameters 3304 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3305 EXIST::FUNCTION:ENGINE -PEM_write_bio_EC_PUBKEY 3306 EXIST::FUNCTION:EC -ECParameters_print 3307 EXIST::FUNCTION:BIO,EC -ASN1_generate_nconf 3308 EXIST::FUNCTION: -BN_GF2m_mod_mul 3309 EXIST::FUNCTION: -EC_GROUP_set_seed 3310 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GF2m 3311 EXIST::FUNCTION:EC -PEM_read_X509_CERT_PAIR 3312 EXIST:!WIN16:FUNCTION: -o2i_ECPublicKey 3313 EXIST::FUNCTION:EC -ECDSA_get_ex_data 3314 EXIST::FUNCTION:ECDSA -BN_GF2m_mod 3315 EXIST::FUNCTION: -EC_GROUP_get_seed_len 3316 EXIST::FUNCTION:EC -PEM_read_bio_EC_PUBKEY 3317 EXIST::FUNCTION:EC -i2d_EC_PUBKEY 3318 EXIST::FUNCTION:EC -ECDSA_get_default_method 3319 EXIST::FUNCTION:ECDSA -ASN1_put_eoc 3320 EXIST::FUNCTION: -ECDSA_DATA_free 3321 EXIST::FUNCTION:ECDSA -EC_METHOD_get_field_type 3322 EXIST::FUNCTION:EC -EC_GFp_nist_method 3323 EXIST::FUNCTION:EC -X509_CERT_PAIR_it 3324 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_PAIR_it 3324 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_GF2m_mod_sqr_arr 3325 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 3326 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: -ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH -EC_KEY_generate_key 3330 EXIST::FUNCTION:EC -BN_GF2m_arr2poly 3331 EXIST::FUNCTION: -i2o_ECPublicKey 3332 EXIST::FUNCTION:EC -EC_GROUP_check 3333 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3334 EXIST::FUNCTION:BIO,EC -d2i_ECPrivateKey 3335 EXIST::FUNCTION:EC -ASN1_item_ndef_i2d 3336 EXIST::FUNCTION: -i2d_PKCS7_NDEF 3337 EXIST::FUNCTION: -EC_GROUP_get_degree 3338 EXIST::FUNCTION:EC -ASN1_generate_v3 3339 EXIST::FUNCTION: -BN_GF2m_add 3340 EXIST::FUNCTION: -X509_CERT_PAIR_free 3341 EXIST::FUNCTION: -BN_nist_mod_224 3342 EXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3343 EXIST::FUNCTION:BIO,EC -EC_GROUP_get_asn1_flag 3344 EXIST::FUNCTION:EC -ECDH_get_ex_new_index 3345 EXIST::FUNCTION:ECDH -ECDH_size 3346 NOEXIST::FUNCTION: -BN_GF2m_mod_inv 3347 EXIST::FUNCTION: -BN_GF2m_mod_exp 3348 EXIST::FUNCTION: -EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC -ecdsa_check 3350 EXIST::FUNCTION:ECDSA -BN_GF2m_mod_div_arr 3351 EXIST::FUNCTION: -ENGINE_set_ECDSA 3352 EXIST::FUNCTION:ENGINE -ECPKParameters_print 3353 EXIST::FUNCTION:BIO,EC -PEM_write_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC -ECDH_set_method 3355 EXIST::FUNCTION:ECDH -ECDH_set_ex_data 3356 EXIST::FUNCTION:ECDH -BN_nist_mod_521 3357 EXIST::FUNCTION: -EC_GROUP_set_point_conversion_form 3358 EXIST:!VMS:FUNCTION:EC -EC_GROUP_set_point_conv_form 3358 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3359 EXIST:!WIN16:FUNCTION:EC -i2d_ECDSA_SIG 3360 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3361 EXIST::FUNCTION:ECDSA -ECDSA_set_default_method 3362 EXIST::FUNCTION:ECDSA -EC_POINT_set_compressed_coordinates_GF2m 3363 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GF2m 3363 EXIST:VMS:FUNCTION:EC -ECDH_DATA_new_method 3364 EXIST::FUNCTION:ECDH -BN_get0_nist_prime_256 3365 EXIST::FUNCTION: -PEM_read_ECPrivateKey 3366 EXIST:!WIN16:FUNCTION:EC -ERR_load_ECDSA_strings 3367 EXIST::FUNCTION:ECDSA -EC_GROUP_get_basis_type 3368 EXIST::FUNCTION:EC -ECDH_DATA_new 3369 EXIST::FUNCTION:ECDH -BN_nist_mod_384 3370 EXIST::FUNCTION: -i2d_X509_CERT_PAIR 3371 EXIST::FUNCTION: -PEM_write_ECPKParameters 3372 EXIST:!WIN16:FUNCTION:EC -ECDH_compute_key 3373 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3374 EXIST::FUNCTION:ENGINE -BN_GF2m_mod_solve_quad 3375 EXIST::FUNCTION: -i2d_ECPrivateKey_fp 3376 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION:ENGINE -EC_POINT_get_affine_coordinates_GF2m 3378 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GF2m 3378 EXIST:VMS:FUNCTION:EC -EC_GROUP_dup 3379 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION:ENGINE -EC_KEY_new 3381 EXIST::FUNCTION:EC -ECDSA_verify 3382 EXIST::FUNCTION:ECDSA -EC_POINT_point2hex 3383 EXIST::FUNCTION:EC -ECDSA_do_verify 3384 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3385 EXIST::FUNCTION:EC,FP_API -PEM_write_ECPrivateKey 3386 EXIST:!WIN16:FUNCTION:EC -PEM_read_ECPKParameters 3387 EXIST:!WIN16:FUNCTION:EC -X509_CERT_PAIR_new 3388 EXIST::FUNCTION: -ECParameters_print_fp 3389 EXIST::FUNCTION:EC,FP_API -ECDH_DATA_free 3390 EXIST::FUNCTION:ECDH -PEM_write_X509_CERT_PAIR 3391 EXIST:!WIN16:FUNCTION: -d2i_X509_CERT_PAIR 3392 EXIST::FUNCTION: -i2d_EC_PUBKEY_fp 3393 EXIST::FUNCTION:EC,FP_API -BN_nist_mod_256 3394 EXIST::FUNCTION: -ECDSA_DATA_new 3395 EXIST::FUNCTION:ECDSA -ECDSA_size 3396 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3397 EXIST::FUNCTION:BIO,EC -BN_get0_nist_prime_521 3398 EXIST::FUNCTION: -PEM_read_bio_ECPrivateKey 3399 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3400 EXIST::FUNCTION:ENGINE -d2i_ECDSA_SIG 3401 EXIST::FUNCTION:ECDSA -ECDSA_sign 3402 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3403 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3404 EXIST::FUNCTION:SHA -PKCS12_add_cert 3405 EXIST::FUNCTION: -ERR_load_ECDH_strings 3406 EXIST::FUNCTION:ECDH -EC_KEY_dup 3407 EXIST::FUNCTION:EC -ECDSA_set_method 3408 EXIST::FUNCTION:ECDSA -d2i_ECParameters 3409 EXIST::FUNCTION:EC -EC_GF2m_simple_method 3410 EXIST::FUNCTION:EC -ECDSA_set_ex_data 3411 EXIST::FUNCTION:ECDSA -EC_KEY_print 3412 EXIST::FUNCTION:BIO,EC -ECDSA_get_ex_new_index 3413 EXIST::FUNCTION:ECDSA -EC_GROUP_set_asn1_flag 3414 EXIST::FUNCTION:EC -EC_KEY_check_key 3415 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3416 EXIST::FUNCTION:EC,FP_API -ecdh_check 3417 EXIST::FUNCTION:ECDH -ECDSA_DATA_new_method 3418 EXIST::FUNCTION:ECDSA -PEM_read_bio_X509_CERT_PAIR 3419 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3420 EXIST::FUNCTION:ENGINE -PKCS12_add_key 3421 EXIST::FUNCTION: -DSO_merge 3422 EXIST::FUNCTION: -EC_POINT_hex2point 3423 EXIST::FUNCTION:EC -BN_GF2m_mod_inv_arr 3424 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION:ENGINE -BN_GENCB_call 3426 EXIST::FUNCTION: -BN_is_prime_ex 3427 EXIST::FUNCTION: -RSA_generate_key_ex 3428 EXIST::FUNCTION:RSA -DSA_generate_parameters_ex 3429 EXIST::FUNCTION:DSA -BN_generate_prime_ex 3430 EXIST::FUNCTION: -DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH -BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: -ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -a2i_IPADDRESS 3434 EXIST::FUNCTION: -ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE -EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC -X509V3_NAME_from_section 3437 EXIST::FUNCTION: -POLICY_MAPPING_it 3438 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPING_it 3438 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_MAPPING_new 3440 EXIST::FUNCTION: -POLICY_MAPPING_free 3441 EXIST::FUNCTION: -POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: -POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: -v2i_GENERAL_NAME_ex 3445 EXIST::FUNCTION: -NAME_CONSTRAINTS_free 3446 EXIST::FUNCTION: -a2i_IPADDRESS_NC 3447 EXIST::FUNCTION: -NAME_CONSTRAINTS_it 3448 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NAME_CONSTRAINTS_it 3448 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -NAME_CONSTRAINTS_new 3449 EXIST::FUNCTION: -GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: -GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: -EVP_PKEY_cmp 3453 EXIST::FUNCTION: -X509_REQ_check_private_key 3454 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE +ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH +ERR_set_mark 3248 EXIST::FUNCTION: +ENGINE_set_STORE 3249 EXIST::FUNCTION:ENGINE +ENGINE_register_ECDSA 3250 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3251 EXIST::FUNCTION: +NAME_CONSTRAINTS_free 3252 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3253 EXIST::FUNCTION: +POLICY_MAPPING_it 3254 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3254 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_parse_attrs_start 3255 EXIST::FUNCTION: +POLICY_CONSTRAINTS_free 3256 EXIST::FUNCTION: +BN_nist_mod_192 3257 EXIST::FUNCTION: +EC_GROUP_get_trinomial_basis 3258 EXIST::FUNCTION:EC +STORE_set_method 3259 EXIST::FUNCTION: +GENERAL_SUBTREE_free 3260 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3261 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3261 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_get_default_method 3262 EXIST::FUNCTION:ECDH +PKCS12_add_safe 3263 EXIST::FUNCTION: +STORE_method_get_update_store_function 3264 EXIST::FUNCTION: +ENGINE_register_ECDH 3265 EXIST::FUNCTION:ENGINE +i2d_ECPrivateKey 3266 EXIST::FUNCTION:EC +BN_get0_nist_prime_192 3267 EXIST::FUNCTION: +STORE_modify_certificate 3268 EXIST::FUNCTION: +EC_POINT_set_affine_coordinates_GF2m 3269 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_affine_coords_GF2m 3269 EXIST:VMS:FUNCTION:EC +BN_GF2m_mod_exp_arr 3270 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3271 EXIST::FUNCTION: +X509_keyid_get0 3272 EXIST::FUNCTION: +EC_GROUP_new_by_nid 3273 EXIST::FUNCTION:EC +ENGINE_load_gmp 3274 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +BN_GF2m_mod_mul_arr 3275 EXIST::FUNCTION: +STORE_list_public_key_endp 3276 EXIST::FUNCTION: +o2i_ECPublicKey 3277 EXIST::FUNCTION:EC +EC_KEY_copy 3278 EXIST::FUNCTION:EC +EC_GROUP_check_discriminant 3279 EXIST::FUNCTION:EC +i2o_ECPublicKey 3280 EXIST::FUNCTION:EC +a2i_IPADDRESS 3281 EXIST::FUNCTION: +STORE_method_set_initialise_function 3282 EXIST::FUNCTION: +EC_POINT_point2bn 3283 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_dn 3284 EXIST::FUNCTION: +EC_GROUP_new_curve_GF2m 3285 EXIST::FUNCTION:EC +STORE_destroy_method 3286 EXIST::FUNCTION: +ENGINE_unregister_STORE 3287 EXIST::FUNCTION:ENGINE +EVP_PKEY_get1_EC_KEY 3288 EXIST::FUNCTION:EC +STORE_ATTR_INFO_get0_number 3289 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3290 EXIST::FUNCTION:ENGINE +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_OCTET_STRING_NDEF_it 3291 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_delete_public_key 3292 EXIST::FUNCTION: +STORE_get_public_key 3293 EXIST::FUNCTION: +STORE_modify_arbitrary 3294 EXIST::FUNCTION: +ENGINE_get_static_state 3295 EXIST::FUNCTION:ENGINE +ECDSA_SIG_new 3296 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_sqr 3297 EXIST::FUNCTION: +EC_POINT_bn2point 3298 EXIST::FUNCTION:EC +STORE_get_method 3299 EXIST::FUNCTION: +STORE_parse_attrs_end 3300 EXIST::FUNCTION: +EC_GROUP_get_point_conversion_form 3301 EXIST:!VMS:FUNCTION:EC +EC_GROUP_get_point_conv_form 3301 EXIST:VMS:FUNCTION:EC +STORE_method_set_store_function 3302 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3303 EXIST::FUNCTION: +PEM_read_bio_ECPKParameters 3304 EXIST::FUNCTION:EC +EC_GROUP_get_pentanomial_basis 3305 EXIST::FUNCTION:EC +EC_GROUP_get_nid 3306 EXIST::FUNCTION:EC +STORE_get_number 3307 EXIST::FUNCTION: +ECDSA_sign_setup 3308 EXIST::FUNCTION:ECDSA +BN_GF2m_mod_solve_quad_arr 3309 EXIST::FUNCTION: +EC_KEY_up_ref 3310 EXIST::FUNCTION:EC +POLICY_MAPPING_free 3311 EXIST::FUNCTION: +BN_GF2m_mod_div 3312 EXIST::FUNCTION: +EC_KEY_free 3313 EXIST::FUNCTION:EC +STORE_method_set_list_next_function 3314 EXIST::FUNCTION: +PEM_write_bio_ECPrivateKey 3315 EXIST::FUNCTION:EC +d2i_EC_PUBKEY 3316 EXIST::FUNCTION:EC +STORE_method_get_generate_function 3317 EXIST::FUNCTION: +STORE_method_set_list_end_function 3318 EXIST::FUNCTION: +EC_GROUP_have_precompute_mult 3319 EXIST::FUNCTION:EC +EC_KEY_print_fp 3320 EXIST::FUNCTION:EC,FP_API +BN_GF2m_mod_arr 3321 EXIST::FUNCTION: +PEM_write_bio_X509_CERT_PAIR 3322 EXIST::FUNCTION: +EVP_PKEY_cmp 3323 EXIST::FUNCTION: +STORE_new_engine 3324 EXIST::FUNCTION: +STORE_list_public_key_start 3325 EXIST::FUNCTION: +ECDH_get_ex_data 3326 EXIST::FUNCTION:ECDH +ECDSA_do_sign 3327 EXIST::FUNCTION:ECDSA +ENGINE_unregister_ECDH 3328 EXIST::FUNCTION:ENGINE +ECDH_OpenSSL 3329 EXIST::FUNCTION:ECDH +EC_POINT_dup 3330 EXIST::FUNCTION:EC +GENERAL_SUBTREE_new 3331 EXIST::FUNCTION: +STORE_list_crl_endp 3332 EXIST::FUNCTION: +EC_get_builtin_curves 3333 EXIST::FUNCTION:EC +STORE_list_crl_end 3334 EXIST::FUNCTION: +EVP_PKEY_set1_EC_KEY 3335 EXIST::FUNCTION:EC +BN_GF2m_mod_sqrt_arr 3336 EXIST::FUNCTION: +i2d_ECPrivateKey_bio 3337 EXIST::FUNCTION:BIO,EC +ECPKParameters_print_fp 3338 EXIST::FUNCTION:EC,FP_API +ECDSA_SIG_free 3339 EXIST::FUNCTION:ECDSA +PEM_write_bio_ECPKParameters 3340 EXIST::FUNCTION:EC +STORE_method_set_ctrl_function 3341 EXIST::FUNCTION: +STORE_list_public_key_end 3342 EXIST::FUNCTION: +EC_GROUP_set_nid 3343 EXIST::FUNCTION:EC +STORE_get_arbitrary 3344 EXIST::FUNCTION: +STORE_store_crl 3345 EXIST::FUNCTION: +PKCS12_add_safes 3346 EXIST::FUNCTION: +BN_GF2m_poly2arr 3347 EXIST::FUNCTION: +STORE_ctrl 3348 EXIST::FUNCTION: +STORE_ATTR_INFO_compare 3349 EXIST::FUNCTION: +BN_get0_nist_prime_224 3350 EXIST::FUNCTION: +i2d_ECParameters 3351 EXIST::FUNCTION:EC +i2d_ECPKParameters 3352 EXIST::FUNCTION:EC +BN_GENCB_call 3353 EXIST::FUNCTION: +BN_ncopy 3354 EXIST::FUNCTION: +d2i_ECPKParameters 3355 EXIST::FUNCTION:EC +STORE_method_set_generate_function 3356 EXIST::FUNCTION: +ENGINE_set_ECDH 3357 EXIST::FUNCTION:ENGINE +NAME_CONSTRAINTS_new 3358 EXIST::FUNCTION: +PEM_write_bio_EC_PUBKEY 3359 EXIST::FUNCTION:EC +STORE_ATTR_INFO_set_cstr 3360 EXIST::FUNCTION: +STORE_list_crl_next 3361 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3362 EXIST::FUNCTION: +ECParameters_print 3363 EXIST::FUNCTION:BIO,EC +STORE_method_set_delete_function 3364 EXIST::FUNCTION: +STORE_list_certificate_next 3365 EXIST::FUNCTION: +ASN1_generate_nconf 3366 EXIST::FUNCTION: +BUF_memdup 3367 EXIST::FUNCTION: +BN_GF2m_mod_mul 3368 EXIST::FUNCTION: +STORE_method_get_list_next_function 3369 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3370 EXIST::FUNCTION: +STORE_list_private_key_next 3371 EXIST::FUNCTION: +EC_GROUP_set_seed 3372 EXIST::FUNCTION:EC +STORE_ATTR_INFO_free 3373 EXIST::FUNCTION: +STORE_get_private_key 3374 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3375 EXIST::FUNCTION: +EC_GROUP_get_curve_GF2m 3376 EXIST::FUNCTION:EC +STORE_method_set_revoke_function 3377 EXIST::FUNCTION: +STORE_store_number 3378 EXIST::FUNCTION: +BN_is_prime_ex 3379 EXIST::FUNCTION: +STORE_revoke_public_key 3380 EXIST::FUNCTION: +STORE_delete_arbitrary 3381 EXIST::FUNCTION: +PEM_read_X509_CERT_PAIR 3382 EXIST:!WIN16:FUNCTION: +ECDSA_get_ex_data 3383 EXIST::FUNCTION:ECDSA +BUF_strndup 3384 EXIST::FUNCTION: +STORE_list_certificate_start 3385 EXIST::FUNCTION: +BN_GF2m_mod 3386 EXIST::FUNCTION: +X509_REQ_check_private_key 3387 EXIST::FUNCTION: +EC_GROUP_get_seed_len 3388 EXIST::FUNCTION:EC +ERR_load_STORE_strings 3389 EXIST::FUNCTION: +PEM_read_bio_EC_PUBKEY 3390 EXIST::FUNCTION:EC +STORE_list_private_key_end 3391 EXIST::FUNCTION: +i2d_EC_PUBKEY 3392 EXIST::FUNCTION:EC +ECDSA_get_default_method 3393 EXIST::FUNCTION:ECDSA +ASN1_put_eoc 3394 EXIST::FUNCTION: +ECDSA_DATA_free 3395 EXIST::FUNCTION:ECDSA +STORE_modify_private_key 3396 EXIST::FUNCTION: +EC_METHOD_get_field_type 3397 EXIST::FUNCTION:EC +EC_GFp_nist_method 3398 EXIST::FUNCTION:EC +STORE_method_set_modify_function 3399 EXIST::FUNCTION: +STORE_parse_attrs_next 3400 EXIST::FUNCTION: +X509_CERT_PAIR_it 3401 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_CERT_PAIR_it 3401 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_method_get_revoke_function 3402 EXIST::FUNCTION: +STORE_method_set_get_function 3403 EXIST::FUNCTION: +STORE_modify_number 3404 EXIST::FUNCTION: +STORE_method_get_store_function 3405 EXIST::FUNCTION: +STORE_store_private_key 3406 EXIST::FUNCTION: +BN_GF2m_mod_sqr_arr 3407 EXIST::FUNCTION: +STORE_Memory 3408 EXIST::FUNCTION: +sk_find_ex 3409 EXIST::FUNCTION: +EC_GROUP_set_curve_GF2m 3410 EXIST::FUNCTION:EC +ENGINE_set_default_ECDSA 3411 EXIST::FUNCTION:ENGINE +POLICY_CONSTRAINTS_new 3412 EXIST::FUNCTION: +BN_GF2m_mod_sqrt 3413 EXIST::FUNCTION: +ECDH_set_default_method 3414 EXIST::FUNCTION:ECDH +EC_KEY_generate_key 3415 EXIST::FUNCTION:EC +BN_GF2m_arr2poly 3416 EXIST::FUNCTION: +STORE_method_get_get_function 3417 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3418 EXIST::FUNCTION: +EC_GROUP_check 3419 EXIST::FUNCTION:EC +d2i_ECPrivateKey_bio 3420 EXIST::FUNCTION:BIO,EC +STORE_method_get_lock_store_function 3421 EXIST::FUNCTION: +STORE_method_set_update_store_function 3422 EXIST::FUNCTION: +d2i_ECPrivateKey 3423 EXIST::FUNCTION:EC +ASN1_item_ndef_i2d 3424 EXIST::FUNCTION: +STORE_delete_private_key 3425 EXIST::FUNCTION: +ERR_pop_to_mark 3426 EXIST::FUNCTION: +ENGINE_register_all_STORE 3427 EXIST::FUNCTION:ENGINE +i2d_PKCS7_NDEF 3428 EXIST::FUNCTION: +EC_GROUP_get_degree 3429 EXIST::FUNCTION:EC +ASN1_generate_v3 3430 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_cstr 3431 EXIST::FUNCTION: +BN_GF2m_add 3432 EXIST::FUNCTION: +STORE_generate_crl 3433 EXIST::FUNCTION: +STORE_store_public_key 3434 EXIST::FUNCTION: +X509_CERT_PAIR_free 3435 EXIST::FUNCTION: +STORE_revoke_private_key 3436 EXIST::FUNCTION: +BN_nist_mod_224 3437 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_dn 3438 EXIST::FUNCTION: +STORE_method_get_initialise_function 3439 EXIST::FUNCTION: +STORE_delete_number 3440 EXIST::FUNCTION: +i2d_EC_PUBKEY_bio 3441 EXIST::FUNCTION:BIO,EC +EC_GROUP_get_asn1_flag 3442 EXIST::FUNCTION:EC +STORE_ATTR_INFO_in_ex 3443 EXIST::FUNCTION: +STORE_list_crl_start 3444 EXIST::FUNCTION: +ECDH_get_ex_new_index 3445 EXIST::FUNCTION:ECDH +STORE_method_get_modify_function 3446 EXIST::FUNCTION: +STORE_store_certificate 3447 EXIST::FUNCTION: +OBJ_bsearch_ex 3448 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3449 EXIST::FUNCTION: +BN_GF2m_mod_inv 3450 EXIST::FUNCTION: +BN_GF2m_mod_exp 3451 EXIST::FUNCTION: +STORE_modify_public_key 3452 EXIST::FUNCTION: +STORE_method_get_list_start_function 3453 EXIST::FUNCTION: +EC_GROUP_get0_seed 3454 EXIST::FUNCTION:EC +ecdsa_check 3455 EXIST::FUNCTION:ECDSA +STORE_store_arbitrary 3456 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3457 EXIST::FUNCTION: +BN_GF2m_mod_div_arr 3458 EXIST::FUNCTION: +ENGINE_set_ECDSA 3459 EXIST::FUNCTION:ENGINE +STORE_create_method 3460 EXIST::FUNCTION: +ECPKParameters_print 3461 EXIST::FUNCTION:BIO,EC +PEM_write_EC_PUBKEY 3462 EXIST:!WIN16:FUNCTION:EC +ECDH_set_method 3463 EXIST::FUNCTION:ECDH +v2i_GENERAL_NAME_ex 3464 EXIST::FUNCTION: +ECDH_set_ex_data 3465 EXIST::FUNCTION:ECDH +STORE_generate_key 3466 EXIST::FUNCTION: +BN_nist_mod_521 3467 EXIST::FUNCTION: +EC_GROUP_set_point_conversion_form 3468 EXIST:!VMS:FUNCTION:EC +EC_GROUP_set_point_conv_form 3468 EXIST:VMS:FUNCTION:EC +PEM_read_EC_PUBKEY 3469 EXIST:!WIN16:FUNCTION:EC +i2d_ECDSA_SIG 3470 EXIST::FUNCTION:ECDSA +ECDSA_OpenSSL 3471 EXIST::FUNCTION:ECDSA +STORE_delete_crl 3472 EXIST::FUNCTION: +ECDSA_set_default_method 3473 EXIST::FUNCTION:ECDSA +EC_POINT_set_compressed_coordinates_GF2m 3474 EXIST:!VMS:FUNCTION:EC +EC_POINT_set_compr_coords_GF2m 3474 EXIST:VMS:FUNCTION:EC +EC_GROUP_cmp 3475 EXIST::FUNCTION:EC +STORE_revoke_certificate 3476 EXIST::FUNCTION: +ECDH_DATA_new_method 3477 EXIST::FUNCTION:ECDH +BN_get0_nist_prime_256 3478 EXIST::FUNCTION: +STORE_method_get_delete_function 3479 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3480 EXIST:!WIN16:FUNCTION:EC +STORE_parse_attrs_endp 3481 EXIST::FUNCTION: +ERR_load_ECDSA_strings 3482 EXIST::FUNCTION:ECDSA +EC_GROUP_get_basis_type 3483 EXIST::FUNCTION:EC +ECDH_DATA_new 3484 EXIST::FUNCTION:ECDH +STORE_list_public_key_next 3485 EXIST::FUNCTION: +STORE_OBJECT_free 3486 EXIST::FUNCTION: +BN_nist_mod_384 3487 EXIST::FUNCTION: +i2d_X509_CERT_PAIR 3488 EXIST::FUNCTION: +PEM_write_ECPKParameters 3489 EXIST:!WIN16:FUNCTION:EC +ECDH_compute_key 3490 EXIST::FUNCTION:ECDH +STORE_ATTR_INFO_get0_sha1str 3491 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3492 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_cstr 3493 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3494 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3494 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +STORE_get_ex_new_index 3495 EXIST::FUNCTION: +BN_GF2m_mod_solve_quad 3496 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3497 EXIST::FUNCTION:EC,FP_API +ENGINE_register_all_ECDSA 3498 EXIST::FUNCTION:ENGINE +EC_POINT_get_affine_coordinates_GF2m 3499 EXIST:!VMS:FUNCTION:EC +EC_POINT_get_affine_coords_GF2m 3499 EXIST:VMS:FUNCTION:EC +EC_GROUP_dup 3500 EXIST::FUNCTION:EC +ENGINE_get_default_ECDSA 3501 EXIST::FUNCTION:ENGINE +EC_KEY_new 3502 EXIST::FUNCTION:EC +ECDSA_verify 3503 EXIST::FUNCTION:ECDSA +EC_POINT_point2hex 3504 EXIST::FUNCTION:EC +ENGINE_get_STORE 3505 EXIST::FUNCTION:ENGINE +STORE_get_certificate 3506 EXIST::FUNCTION: +ECDSA_do_verify 3507 EXIST::FUNCTION:ECDSA +d2i_ECPrivateKey_fp 3508 EXIST::FUNCTION:EC,FP_API +STORE_delete_certificate 3509 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3510 EXIST::FUNCTION: +STORE_free 3511 EXIST::FUNCTION: +PEM_write_ECPrivateKey 3512 EXIST:!WIN16:FUNCTION:EC +STORE_method_get_unlock_store_function 3513 EXIST::FUNCTION: +STORE_get_ex_data 3514 EXIST::FUNCTION: +PEM_read_ECPKParameters 3515 EXIST:!WIN16:FUNCTION:EC +X509_CERT_PAIR_new 3516 EXIST::FUNCTION: +ENGINE_register_STORE 3517 EXIST::FUNCTION:ENGINE +RSA_generate_key_ex 3518 EXIST::FUNCTION:RSA +DSA_generate_parameters_ex 3519 EXIST::FUNCTION:DSA +ECParameters_print_fp 3520 EXIST::FUNCTION:EC,FP_API +X509V3_NAME_from_section 3521 EXIST::FUNCTION: +STORE_modify_crl 3522 EXIST::FUNCTION: +STORE_list_private_key_start 3523 EXIST::FUNCTION: +POLICY_MAPPINGS_it 3524 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3524 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_it 3525 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3525 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ECDH_DATA_free 3526 EXIST::FUNCTION:ECDH +PEM_write_X509_CERT_PAIR 3527 EXIST:!WIN16:FUNCTION: +d2i_X509_CERT_PAIR 3528 EXIST::FUNCTION: +STORE_list_private_key_endp 3529 EXIST::FUNCTION: +i2d_EC_PUBKEY_fp 3530 EXIST::FUNCTION:EC,FP_API +BN_nist_mod_256 3531 EXIST::FUNCTION: +ECDSA_DATA_new 3532 EXIST::FUNCTION:ECDSA +ECDSA_size 3533 EXIST::FUNCTION:ECDSA +d2i_EC_PUBKEY_bio 3534 EXIST::FUNCTION:BIO,EC +BN_get0_nist_prime_521 3535 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3536 EXIST::FUNCTION: +BN_generate_prime_ex 3537 EXIST::FUNCTION: +DH_generate_parameters_ex 3538 EXIST::FUNCTION:DH +PEM_read_bio_ECPrivateKey 3539 EXIST::FUNCTION:EC +STORE_method_get_cleanup_function 3540 EXIST::FUNCTION: +ENGINE_get_ECDH 3541 EXIST::FUNCTION:ENGINE +d2i_ECDSA_SIG 3542 EXIST::FUNCTION:ECDSA +BN_is_prime_fasttest_ex 3543 EXIST::FUNCTION: +ECDSA_sign 3544 EXIST::FUNCTION:ECDSA +STORE_set_ex_data 3545 EXIST::FUNCTION: +ENGINE_get_ECDSA 3546 EXIST::FUNCTION:ENGINE +EVP_ecdsa 3547 EXIST::FUNCTION:SHA +PKCS12_add_cert 3548 EXIST::FUNCTION: +STORE_OBJECT_new 3549 EXIST::FUNCTION: +ERR_load_ECDH_strings 3550 EXIST::FUNCTION:ECDH +EC_KEY_dup 3551 EXIST::FUNCTION:EC +ECDSA_set_method 3552 EXIST::FUNCTION:ECDSA +a2i_IPADDRESS_NC 3553 EXIST::FUNCTION: +d2i_ECParameters 3554 EXIST::FUNCTION:EC +STORE_list_certificate_end 3555 EXIST::FUNCTION: +STORE_get_crl 3556 EXIST::FUNCTION: +EC_GF2m_simple_method 3557 EXIST::FUNCTION:EC +ECDSA_set_ex_data 3558 EXIST::FUNCTION:ECDSA +EC_KEY_print 3559 EXIST::FUNCTION:BIO,EC +STORE_method_set_lock_store_function 3560 EXIST::FUNCTION: +ECDSA_get_ex_new_index 3561 EXIST::FUNCTION:ECDSA +POLICY_MAPPING_new 3562 EXIST::FUNCTION: +STORE_list_certificate_endp 3563 EXIST::FUNCTION: +EC_GROUP_set_asn1_flag 3564 EXIST::FUNCTION:EC +EC_KEY_check_key 3565 EXIST::FUNCTION:EC +d2i_EC_PUBKEY_fp 3566 EXIST::FUNCTION:EC,FP_API +ecdh_check 3567 EXIST::FUNCTION:ECDH +ECDSA_DATA_new_method 3568 EXIST::FUNCTION:ECDSA +PEM_read_bio_X509_CERT_PAIR 3569 EXIST::FUNCTION: +STORE_method_get_list_end_function 3570 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3571 EXIST::FUNCTION:ENGINE +STORE_new_method 3572 EXIST::FUNCTION: +PKCS12_add_key 3573 EXIST::FUNCTION: +DSO_merge 3574 EXIST::FUNCTION: +EC_POINT_hex2point 3575 EXIST::FUNCTION:EC +BN_GF2m_mod_inv_arr 3576 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3577 EXIST::FUNCTION:ENGINE +PKCS7_set_digest 3578 EXIST::FUNCTION: +PKCS7_set0_type_other 3579 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index d85a20a605..15813461f0 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -39,6 +39,8 @@ $infile="MINFO"; "ultrix-mips","DEC mips ultrix", "FreeBSD","FreeBSD distribution", "OS2-EMX", "EMX GCC OS/2", + "netware-clib", "CodeWarrior for NetWare - CLib", + "netware-libc", "CodeWarrior for NetWare - LibC", "default","cc under unix", ); @@ -69,6 +71,8 @@ and [options] can be one of no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm + nw-nasm - Use NASM x86 asm for NetWare + nw-mwasm - Use Metrowerks x86 asm for NetWare gaswin - Use GNU as with Mingw32 no-socks - No socket code no-err - No error strings @@ -198,6 +202,11 @@ elsif ($platform eq "OS2-EMX") $wc=1; require 'OS2-EMX.pl'; } +elsif (($platform eq "netware-clib") || ($platform eq "netware-libc")) + { + $LIBC=1 if $platform eq "netware-libc"; + require 'netware.pl'; + } else { require "unix.pl"; @@ -281,6 +290,8 @@ $defs= <<"EOF"; EOF +$defs .= $preamble if defined $preamble; + if ($platform eq "VC-CE") { $defs.= <<"EOF"; @@ -928,6 +939,8 @@ sub read_options elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-asm$/) { $no_asm=1; } elsif (/^nasm$/) { $nasm=1; } + elsif (/^nw-nasm$/) { $nw_nasm=1; } + elsif (/^nw-mwasm$/) { $nw_mwasm=1; } elsif (/^gaswin$/) { $gaswin=1; } elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-ssl3$/) { $no_ssl3=1; } diff --git a/util/mkdef.pl b/util/mkdef.pl index 4c15a942d2..ddc33c152b 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -273,6 +273,7 @@ $crypto.=" crypto/ocsp/ocsp.h"; $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; +$crypto.=" crypto/store/store.h"; my $symhacks="crypto/symhacks.h"; @@ -1134,27 +1135,55 @@ sub print_test_file } } +sub get_version { + local *MF; + my $v = '?'; + open MF, 'Makefile.ssl' or return $v; + while (<MF>) { + $v = $1, last if /^VERSION=(.*?)\s*$/; + } + close MF; + return $v; +} + sub print_def_file { (*OUT,my $name,*nums,my @symbols)=@_; my $n = 1; my @e; my @r; my @v; my $prev=""; my $liboptions=""; + my $libname = $name; + my $http_vendor = 'www.openssl.org/'; + my $version = get_version(); + my $what = "OpenSSL: implementation of Secure Socket Layer"; + my $description = "$what $version, $name - http://$http_vendor"; if ($W32) - { $name.="32"; } + { $libname.="32"; } elsif ($W16) - { $name.="16"; } + { $libname.="16"; } elsif ($OS2) - { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } + { # DLL names should not clash on the whole system. + # However, they should not have any particular relationship + # to the name of the static library. Chose descriptive names + # (must be at most 8 chars). + my %translate = (ssl => 'open_ssl', crypto => 'cryptssl'); + $libname = $translate{$name} || $name; + $liboptions = <<EOO; +INITINSTANCE +DATA MULTIPLE NONSHARED +EOO + # Vendor field can't contain colon, drat; so we omit http:// + $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd"; + } print OUT <<"EOF"; ; ; Definition file for the DLL version of the $name library from OpenSSL ; -LIBRARY $name $liboptions +LIBRARY $libname $liboptions -DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' +DESCRIPTION '$description' EOF diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 70d1348a34..d8cac3a3b4 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -53,8 +53,10 @@ my @dirs = ( "crypto/ocsp", "crypto/ui", "crypto/krb5", +"crypto/store", "ssl", "apps", +"engines", "test", "tools" ); diff --git a/util/mkstack.pl b/util/mkstack.pl index 085c50f790..be2cb4f1e7 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -75,6 +75,7 @@ while(<IN>) { #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val)) #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val)) #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val)) +#define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val)) #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i)) #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr)) #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i)) diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index d0472df278..b76b7afd27 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -85,7 +85,7 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; + $ret.="\tif exist $target \$(RM) $target\n"; $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; $ret.="\t\$(RANLIB) $target\n\n"; } diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl index d695dda623..ddb3524210 100644 --- a/util/pl/OS2-EMX.pl +++ b/util/pl/OS2-EMX.pl @@ -3,10 +3,12 @@ # OS2-EMX.pl - for EMX GCC on OS/2 # -$o='\\'; -$cp='copy'; +$o='/'; +$cp='cp'; $rm='rm -f'; +$preamble = "SHELL=sh\n"; + # C compiler stuff $cc='gcc'; @@ -48,24 +50,24 @@ $bf_enc_src=""; if (!$no_asm) { - $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; - $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; - $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; - $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; - $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; - $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; - $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; - $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; - $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; - $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; - $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; - $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; - $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; - $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; - $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; - $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; - $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; - $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; + $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj"; + $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm"; + $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj"; + $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm"; + $bf_enc_obj="crypto/bf/asm/b-os2$obj"; + $bf_enc_src="crypto/bf/asm/b-os2.asm"; + $cast_enc_obj="crypto/cast/asm/c-os2$obj"; + $cast_enc_src="crypto/cast/asm/c-os2.asm"; + $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj"; + $rc4_enc_src="crypto/rc4/asm/r4-os2.asm"; + $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj"; + $rc5_enc_src="crypto/rc5/asm/r5-os2.asm"; + $md5_asm_obj="crypto/md5/asm/m5-os2$obj"; + $md5_asm_src="crypto/md5/asm/m5-os2.asm"; + $sha1_asm_obj="crypto/sha/asm/s1-os2$obj"; + $sha1_asm_src="crypto/sha/asm/s1-os2.asm"; + $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj"; + $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm"; } if ($shlib) diff --git a/util/point.sh b/util/point.sh index ce7dcc56df..4790e08f8a 100755 --- a/util/point.sh +++ b/util/point.sh @@ -1,10 +1,10 @@ #!/bin/sh -rm -f $2 +rm -f "$2" if test "$OSTYPE" = msdosdjgpp; then - cp $1 $2 + cp "$1" "$2" else - ln -s $1 $2 + ln -s "$1" "$2" fi echo "$2 => $1" diff --git a/util/ssleay.num b/util/ssleay.num index 865005ac64..c2a4909f11 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -218,3 +218,8 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: +SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP +SSL_COMP_get_name 272 EXIST::FUNCTION: +SSL_get_current_expansion 273 EXIST::FUNCTION: +SSL_get_current_compression 274 EXIST::FUNCTION: +SSL_COMP_get_compression_methods 275 EXIST::FUNCTION: |